doc: add meeting minutes 22-06 (#1035)

RafaelGSS · web-flow · commit 82cb3c66a6d4 · 2023-06-22T15:25:25.000-03:00
diff --git a/meetings/2023-06-22.md b/meetings/2023-06-22.md
@@ -0,0 +1,76 @@
+# Node.js  Security team Meeting 2023-06-22
+
+## Links
+
+* **Recording**:  https://www.youtube.com/watch?v=bXmuOBod2RU
+* **GitHub Issue**: https://github.com/nodejs/security-wg/issues/1026
+* **Minutes Google Doc**: https://docs.google.com/document/d/1X2F4JTChNLEod7qzh9aTEqgIJtGrvLumnnLk7efiE_o/edit
+
+## Present
+
+* Security wg team: @nodejs/security-wg
+* Rafael Gonzaga: @RafaelGSS
+* Michael Dawson: @mhdawson
+* Ulises Gascon: @UlisesGascon
+
+## Agenda
+
+## Announcements
+
+*Extracted from **security-wg-agenda** labeled issues and pull requests from the **nodejs org** prior to the meeting.
+
+- New Security Releases!
+  - Since Tuesday available. Details: https://nodejs.org/en/blog/vulnerability/june-2023-security-releases	
+
+- [x] Vulnerability Review - https://github.com/nodejs/nodejs-dependency-vuln-assessments/issues
+  - 0.2 decrease in undici (expected)
+
+- [x] OpenSSF Scorecard Monitor Review - https://github.com/nodejs/security-wg/pull/1033
+  - In the next call we will discuss about the future of this initiative (aside of monitoring) 
+
+### nodejs/security-wg
+
+* Permission - Environment variables [#993](https://github.com/nodejs/security-wg/issues/993)
+  * Open for support from the community
+  * Removed from agenda
+
+* Requirement: Secure development knowledge [#987](https://github.com/nodejs/security-wg/issues/987)
+  * Removed from agenda
+* Requirement: Publicly known medium-high vulnerabilities unpatched for +60 days [#986](https://github.com/nodejs/security-wg/issues/986)
+  * Removed from agenda
+* Initiative for CII-Best-Practices for Nodejs Projects [#953](https://github.com/nodejs/security-wg/issues/953)
+  * Silver level almost concluded.
+  * Waiting for badge resolution in the Entry level
+  * Waiting for access to the OSSF Best practices website
+
+* Permission Model - Roadmap [#898](https://github.com/nodejs/security-wg/issues/898)
+  * New improvements and fixes shipped in the last release
+  * Investigation ongoing for symlinks
+
+* Update Charter / Readme.md [#874](https://github.com/nodejs/security-wg/pull/874)
+  * We want to keep this in the loop as we need to do more changes in the repo name, etc..
+  * PR merged
+
+* Automate security release process [#860](https://github.com/nodejs/security-wg/issues/860)
+  * The three new releases were created the automation made by Rafael
+  * It will require some extra work to fine tune details (like multi-commits…), see: https://github.com/nodejs/security-wg/issues/860#issuecomment-1602747118
+
+* Assessment against best practices (OpenSSF Scorecards ...) [#859](https://github.com/nodejs/security-wg/issues/859)
+  * Once the gold standard is done, this initiative will be closed
+
+* Discussion about policy-integrity integration on Windows [#856](https://github.com/nodejs/security-wg/issues/856)
+  * Removed from the agenda
+
+## Q&A, Other
+
+* New initiatives will be starting soon
+  * Dependencies immutability
+  * Supply chain attacks mitigation (monitoring and promoting best practices)
+ 
+
+## Upcoming Meetings
+
+* **Node.js Project Calendar**: <https://nodejs.org/calendar>
+
+Click `+GoogleCalendar` at the bottom right to add to your own Google calendar.
+
