From f10381283dde5921f5c18893d93935f30d73a8c5 Mon Sep 17 00:00:00 2001
From: RafaelGSS <rafael.nunu@hotmail.com>
Date: Mon, 2 Oct 2023 18:02:46 -0300
Subject: [PATCH] doc: add nodejs september report

---
 .../2023/node.js/update-2023-09.md            | 50 +++++++++++++++++++
 1 file changed, 50 insertions(+)
 create mode 100644 alpha/engagements/2023/node.js/update-2023-09.md

diff --git a/alpha/engagements/2023/node.js/update-2023-09.md b/alpha/engagements/2023/node.js/update-2023-09.md
new file mode 100644
index 00000000..9195691b
--- /dev/null
+++ b/alpha/engagements/2023/node.js/update-2023-09.md
@@ -0,0 +1,50 @@
+# Update 2023-09
+
+The following update is according to the [Security Support Role](./security-support-role.md) document.
+
+Each section points to at least one item on the priority list defined by the Security Support Role document.
+
+## 1) Fix and Triage Security Issues
+
+> Notice of deprecation: HackerOne deprecated the monthly digest email.
+
+* 9 reports were submitted in September.
+  * 3 Triaged
+  * 3 Closed as non-applicable
+  * 3 Closed as informative
+* The average first response time in September was 4 hours and 30 minutes (-10%), compared to 5 in August.
+
+## 3) Node.js Security WG Initiatives
+
+2023 Security Initiatives - https://github.com/nodejs/security-wg#current-initiatives
+
+* Permission Model
+  * End discussion of loading permissions from a config file in the permission model - https://github.com/nodejs/security-wg/issues/1074
+    * One can use the latest Node.js feature `--env` and use `NODE_OPTIONS` to pass permisison model configuration
+      * _* it has some edge cases_
+
+* Assessment against Best Practices
+  * Continuos improvement on every Security WG Call
+  * CII-Best-Practices
+    * Entry Level - Done
+    * Silver Level - Done
+    * Gold Level - In progress - https://github.com/nodejs/security-wg/pull/956
+
+* Automation of Security Release
+  * Creating Security Release issue is now automated - https://github.com/nodejs/node-core-utils/pull/715
+
+## 4) Node.js Security Sustainability
+
+* September was a month full in terms of speaking engagments
+  * The State of Node.js Security - Node.js Collab Summit / Bilbao - Spain - Sept 18th
+  * The Journey of Node.js Permission Model - OpenSSF Day / Bilbao - Spain - Sept 18th
+  * Improving the security of a large open source project - Open Source Summit EU / Bilbao - Spain - Sept 20th
+  * Node.js Project - Grace Hopper Celebration Day / Remote - Sept 22th
+  * Improving the security of a large open source project - OpenJS World / Shanghai - China - Sept 26th
+
+## 5) Improving Security Processes
+
+* Cleaning up CITGM failures - https://github.com/nodejs/citgm/issues/955
+  * Bankruptcy - https://github.com/nodejs/citgm/pull/959
+  * Actively working on re-adding modules
+  * Monitoring CITGM status in https://github.com/nodejs/citgm/issues/997