From 5048ddbb28dadb7b3546e8d879daf05dd75e838d Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Thu, 26 Sep 2024 11:58:34 -0300
Subject: [PATCH] doc: add meeting note 2024-09-26

---
 meetings/2024-09-26.md | 59 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 meetings/2024-09-26.md

diff --git a/meetings/2024-09-26.md b/meetings/2024-09-26.md
new file mode 100644
index 000000000..e81622b87
--- /dev/null
+++ b/meetings/2024-09-26.md
@@ -0,0 +1,59 @@
+# Node.js  Security team Meeting 2024-09-26
+
+## Links
+
+* **Recording**: https://www.youtube.com/watch?v=kjb_bOObDk0
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1382
+* **Minutes Google Doc**: https://docs.google.com/document/d/1rHzDiqZ1XXBChji2R97X1tJUHptMwXSmUgHnR-m_Q3U/edit
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+
+* Rafael Gonzaga: @RafaelGSS
+* Ulises Gascón: @UlisesGascon
+* Michael Dawson: @mhdawson
+* Robert Waite
+* Mickaël Salaün
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labelled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- [X] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  - The only new issue is question asking about openssl update
+- [X] OpenSSF Scorecard Monitor Review
+  - Last report: https://github.com/nodejs/security-wg/pull/1385
+  - No action is needed from the team   
+
+### nodejs/node
+
+* src: add WDAC integration (Windows) #54364
+  * Robert: Most of the suggestions from the last meeting were applied but not pushed due to some inconsistencies with Microsoft docs. I was working with Microsoft folks to have it solved.
+  * Robert invited Mickaël Salaün to the meeting
+  * Mickaël Salaün is working on restricting script execution on Linux side (https://lwn.net/Articles/982085/).
+  * Mickaël Salaün gave a talk about script execution control on Linux last week at the Linux Plumbers Conference: https://lpc.events/event/18/contributions/1692/ (https://www.youtube.com/live/OWURlNpBk5s?t=3420s
+)
+  * We have discussed how it’s being implemented and how we could use it from a Node.js perspective.
+
+### nodejs/security-wg
+
+* Audit build process for dependencies [#1037](https://github.com/nodejs/security-wg/issues/1037)
+  * Michael - spent some more time looking at the common container for building WASM - https://github.com/nodejs/security-wg/issues/1236#issuecomment-2375338141
+
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+  * https://github.com/nodejs/node-core-utils/pull/858
+
+* Node.js maintainers: Threat Model [#1333](https://github.com/nodejs/security-wg/issues/1333)
+  * no time to discuss it
+
+## Q&A, Other
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+