Boost the security report for Node.js, a core JavaScript technology, by interviewing the security releases team, covering best practices and threat models.
Node.js is an open source project powering over 30 million web sites. But since it is an open source project, ultimately it has limited resources. The OpenSSF provided the OpenJS Foundation a grant of $400,000 to help improve Node.js security. However, to build the Node.js security community, the community needs to find out about the improvements and understand how they can get involved.
Once a month, we interview the security team, going through a list of triage issues, updates, problems with outside applications like OpenSSL, and more. This is used as a basis for blogs, social media, internal communications to members, and more.
Take security issues and make them widely known. Talk directly to the security team, translate the information for wide use, and leverage the communications channels of the OpenJS Foundation to make sure that the Node.js community around the world is up-to-date.
We built a direct communications channel out to the Node.js community by interviewing the security team, summarizing and contextualizing the information, and communicating it out widely.
The OpenJS Foundation will be getting a second grant from the OpenSSF due to the results communicated out during the first grant period.
“We needed to make sure the solid results coming from the OpenSSF grant were being communicated to the Node.js community. Oppkey has provided the means to get that information out quickly and broadly.”
Robin Ginn, executive director, OpenJS Foundation