doc: add 2024-02-01 minute

meetings/2024-02-01.md

@@ -0,0 +1,74 @@
+# Node.js  Security team Meeting 2024-02-01
+
+## Links
+
+* **Recording**:  <https://www.youtube.com/watch?v=1nRb0Dp6cYA>
+* **GitHub Issue**: <https://github.com/nodejs/security-wg/issues/1214>
+* **Minutes Google Doc**: <https://docs.google.com/document/d/1uhrnQF-Nzwo874k9flJzmiD3maPjVJO2imrARNAKzPU/edit>
+
+## Present
+
+* Ulises Gascon: @UlisesGascon
+* Marco Ippolito: @marco-ippolito
+* Michael Dawson: Michael Dawson
+* Adam Korczynski (from team doing fuzzing):
+* Prabhu Subramarian:
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+* [X] Vulnerability Review - <https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues>
+Nothing relevant to mention, a few open ssl vulnerabilities that are waiting to be patched with a future release
+
+* [X] OpenSSF Scorecard Monitor Review -
+  * No further action is required by the team
+  * PR: <https://github.com/nodejs/security-wg/pull/1221>
+  * Issue: <https://github.com/nodejs/security-wg/issues/1220>
+
+### nodejs/security-wg
+
+* Security initiative in December 2023: fuzzing Nodejs:     <https://github.com/google/oss-fuzz/tree/master/projects/nodejs>
+  * Update from Adam from Ostif, working on fuzzing, found some issues, will report privately
+
+[#1159](https://github.com/nodejs/security-wg/issues/1159) NodeJS Code integrity on Windows
+
+[#1149](https://github.com/nodejs/security-wg/issues/1149)
+
+* Audit build process for dependencies
+
+[#1037](https://github.com/nodejs/security-wg/issues/1037)
+
+* Good meeting today, some notes added to issue. Have a deep dive session updates here: <https://github.com/nodejs/security-wg/issues/1037#issuecomment-1921563826>
+* Another meeting schedule for 9 ET on Feb 15
+* Prabhu added that CycloneDX can track the build steps of our dependencies
+
+* Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953)
+  * Ulises, not too much activity, maybe we can pull 20 mins from next meeting to discuss/move
+    forward
+
+* Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898)
+  * No updates this week
+
+* SBOMS
+  * off agenda because we wanted to take some time to make a decision
+  * Marco
+    * Suggest we make decision to start with cyclone dx
+      * seems like the easiest way to move forward than alternatives
+      * its being standardized
+      * will start with it being private so that we can look at it before sharing more widely
+      * start with easier dependencies
+    * Michael, sounds good +1
+      * if somebody else wants to also work on some alternative, happy to
+        have them do that as well
+    * Everybody in the meeting was in agreement
+
+## Q&A, Other
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.