SFNode Meetup, Nov 2018 talk

Thursday, November 1st, 2018

I ( Tre’ Grisby ) talked at a SFNode Meetup. The meetup was hosted by Quantcast in San Francisco, California. Quantcast was a great host and had one of the best receptions. I want to give a big thanks to Quantcast for being such gracious host!

My talk was titled “Node.js Security, best practices“. It was a top ten list of security practices that are beneficial for anyone getting started in node. The goal was to identify possible threats and tools a developer could use to minimize exposure to these threats.

I will not write out all my notes again here. Below is a link to all the resources I used in the talk.


As part of my talk I introduced a thought. In the pursuit of making security more accessible, and reporting vulnerabilities easier. I  asked the JavaScript open source ecosystem to start using a “security.md” file in github repositories. ( Read more here… )

The tl;dr is… adding this file to the root directory should be a new standard. This file will have the project’s “security policy” and “vulnerability reporting expectations”. This way anyone that wants to report an issue can do so easily. This is modeled on the “security.txt” file. Check out my github repo and make comments to help me improve this proposed standard.

Please help me:

  1. Star this github repo
    https://github.com/Trewaters/SFNode-Nov-2018 )
  2. Follow me “@trewaters” on github
    https://github.com/Trewaters )
  3. Follow me on Twitter
    https://twitter.com/trewaters )