We are open to, and grateful for, any contributions made by the community. By participating in this project, you agree to abide by Express.js Code of Conduct.
The Security Working Group is open to anyone who is interested in security and wants to contribute to the security of the Express.js ecosystem. You don't need to be a security expert to join the group, but you need to be passionate about security and willing to learn and contribute. We encourage you to join the group and contribute in the following ways:
- Participate in the meetings
- Participate in the offline discussions
- Contribute to the GitHub issues
- Provide feedback on the security policies and procedures
- Contribute to the security guidelines and recommendations
The group is composed by two groups of members: the Security Triage Team and the Regular members. The regular members are responsible for the public facing activity of the group, while the Security Triage Team is responsible for the security triage process.
To join the Security Working Group, you need to:
- Join the OpenJS Foundation Slack
- Join the channel
#expressin the OpenJS Foundation Slack - Contribute to the group activities
- Discuss with the existing members about your interest in joining the Security Triage Team, so they can evaluate your participation and invite you to join the team.
By default, all the Technical Committee (TC) members, and repo captains are part of the Security Triage Team. Also, the Security Triage Team can invite other members to join the team based on their participation and contributions to the group activities.
It is expected that the Security Triage Team members have a good understanding of the Express ecosystem and the security practices, and are willing to contribute to the security of the Express ecosystem in a long term.
This group is responsible for the security triage process, and the members of this group are expected to be available to support the TC team on security triage when is requested. The Security Triage Team is responsible for managing incoming security reports, and responsible also to help developing patches or security releases.
A TC member will help you to get started with the onboarding process. The onboarding process includes:
- Provide guidance to the group activities
- Introduction to the security triage private channel in Slack
#express-security-triage - Access to the security triage private repository
- Access to the reporting tools