[SEC-WG] Audit for Webpack?

[bjohansebas]

To separate topics from #4, I’m opening this.

It might be interesting to have an audit to find vulnerabilities. For example, Express did this a long time ago (https://expressjs.com/2024/10/22/security-audit-milestone-achievement.html
). In Express’s case, it was done through https://ostif.org/
and funded by Sovereign Tech Agency. We could try to achieve the same.

Now that we have a triage team, this seems like a good idea

[bjohansebas]

For posterity, @UlisesGascon submitted the form to see if we are accepted by the STA to be audited.