Minutes from 2022-12-08 (oasis-tcs#558)

zzh-z · Jan 4, 2023 · ba3589e · ba3589e
1 parent 1a95638
commit ba3589e
Showing 1 changed file with 139 additions and 0 deletions.
diff --git a/meeting_minutes/221208_SARIF_TC_71.md b/meeting_minutes/221208_SARIF_TC_71.md
@@ -0,0 +1,139 @@
+# 1. Opening Activities
+
+## 1.1 Opening comments (Co-Chair David)
+
+## 1.2 Introduction of participants/roll call (Co-Chair David)
+
+| First Name | Last Name | Company           | Role(s)                         |
+|:-----------|:----------|:------------------|:--------------------------------|
+| Aditya     | Sharad    | Microsoft         | Voting Member, leave of absence |
+| Charles    | Wilson    | Motional AD       | Voting Member                   |
+| David      | Keaton    | Individual        | Chair                           |
+| Gerald     | Sullivan  | Micro Focus       | Voting Member                   |
+| Nathan     | Baird     | Microsoft         | Voting Member                   |
+| Paul       | Anderson  | Grammatech, Inc.  | Member                          |
+| Pavel      | Mikula    | Sonar             | Voting Member                   |
+| Thanassis  | Avgerinos | ForAllSecure Inc  | Voting Member                   |
+| Yekaterina | O'Neil    | Micro Focus       | Voting member                   |
+
+## 1.3 Procedures for this meeting (Co-Chair David)
+
+## 1.4 Approval of agenda (Co-Chair David)
+
+* https://www.oasis-open.org/committees/download.php/70541/agenda_20221208.html
+
+Thanassis moved, Charles seconded, no objections.
+The agenda was approved.
+
+## 1.5 Approval of previous minutes (Co-Chair David)
+
+* [Minutes of 2022-11-10 Meeting #70](https://www.oasis-open.org/committees/document.php?document_id=70511&wg_abbrev=sarif)
+
+Pavel moved, Thanassis seconded, no objections.
+The minutes were approved.
+
+## 1.6 Review of action items and resolutions (Secretary Stefan)
+
+* ACTION on Michael to keep pushing to close on the wikipedia page
+  * ONGOING
+  * Almost ready to submit page to wikipedia
+* ACTION on Jeff to provide an initial seed page at github to foster the future roadmap / extension discussion
+  * ONGOING
+
+## 1.7 Identification of SARIF TC voting members (Co-Chair David)
+
+* Jonathan Gilday has changed jobs and intends to leave the group.  His contributions are appreciated.
+
+### 1.7.1 Prospective members attending their first meeting
+
+### 1.7.2 Members attaining voting rights at the end of this meeting
+
+### 1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
+
+### 1.7.4 Members who previously lost voting rights who are attending this meeting
+
+### 1.7.5 Members who have declared a leave of absence
+
+* Michael Fanning
+
+# 2. Future Meetings
+
+## 2.1 Future meeting schedule (Co-Chair Keaton)
+
+- Scheduled Teleconferences (Thursdays at 08:00 PT / 16:00 UTC for 1.5 hours)
+    ```
+    January 19
+    ```
+- Proposed Teleconferences (Thursdays at 08:00 PT / 16:00 UTC for 1.5 hours)
+    ```
+    February 2
+    February 16
+    ```
+- Possible face-to-face meeting when pandemic permits
+
+# 3. Liaisons
+
+## 3.1 [OpenSSF](https://openssf.org/) Security Tools group
+
+> Liaison Group: ForAllSecure/Thanassis Avgerinos, Contrast Security/Jeff Williams, Microsoft/Michael Fanning
+
+* Report status and any communication from OpenSSF Security Tools
+  * Liaison group attended OpenSSF December 6th meeting. The SBOM everywhere group is helping with adoption of the standard and also expanding it to handle frequently requested features from the community. There is great potential for cross-group collaboration. A lot of the SBOM workflows suggested for organizations and developers have parallels with the SARIF report workflows, especially considering that security findings are intended to be part of the SBOM standard. The standard is intended to be guidance for the community and *not* force a specific format on everyone (several competing formats exist today). Consuming SBOM reports is a focus. It was unclear how today's SBOM workflows can capture ephemeral results - for example, an SBOM report may have zero security findings right now but can have several security issues in a few minutes. How are such updates part of the SBOM workflow? Can SARIF assist with expressing some of these issues? What is the right way for SARIF to integrate with the SBOM effort or is this out of scope? Questions for the group to consider.
+* Compose a liaison statement to OpenSSF Security Tools if appropriate
+  * No news
+
+# 4. Discussion
+
+## 4.1 Review status on finalizing SARIF 2.1 errata [List of next steps - github issue #509](https://github.com/oasis-tcs/sarif-spec/issues/509)
+
+* Mary Martin is going to do the final editing pass. Content is finished, currently in the final polish stage. After it's published we have a 15 day comment period.
+
+## 4.2 Review current state of ecosystem ongoing work
+
+None noted
+
+## 4.3 Review outcomes of subgroup discussions
+
+None noted
+
+## 4.4 Discuss end-to-end results management
+
+Skipped
+
+## 4.5 List of small, non-breaking open requests to consider as a dot release of the SARIF standard
+
+Skipped
+
+## 4.6 Review Roadmap
+
+Skipped
+
+## 4.7 Discuss SARIF's relationship to other relevant standards
+
+Skipped
+
+# 5. Other Business
+
+None
+
+# 6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
+
+## 6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
+
+## 6.2 Review of Decisions Reached (Secretary Stefan)
+
+* DECISION to meet on February 2, 2023, and February 16, 2023
+
+## 6.3 Review of Action Items (Secretary Stefan)
+
+* There are ongoing actions from previous meetings
+
+# 7. Next Meeting
+
+  ```
+  Jan  19, 2023 / 08:00-09:30 PDT / 16:00-17:30 UTC
+  ```
+
+# 8. Adjournment
+
+Meeting was adjourned.