
1. Opening Activities

1.1 Opening comments (Co-Chair David)

1.2 Introduction of participants/roll call (Co-Chair David)

| First Name | Last Name | Company | Role(s) |
|---|---|---|---|
| Aditya | Sharad | Microsoft | Voting Member |
| Aharon | Abadi | WhiteSource | Voting Member |
| Chris | Meyer | Microsoft | Voting Member |
| David | Keaton | Individual | Chair |
| Johnathan | Gilday | Contrast Security | Observer |
| Mary | Martin | Microsoft | Member |
| Michael | Fanning | Microsoft | Voting Member |
| Nathan | Baird | Microsoft | Voting Member |
| Paul | Anderson | GrammaTech, Inc. | Voting Member |
| Stefan | Hagen | Individual | Secretary, taking notes |
| Thanassis | Avgerinos | ForAllSecure Inc | Voting Member |
| Yekaterina | O'Neil | Micro Focus | Voting Member |

1.3 Procedures for this meeting (Co-Chair David)

1.4 Approval of agenda (Co-Chair David)

Agenda was approved.

1.5 Approval of previous minutes (Co-Chair David)

Minutes were approved.

1.6 Review of action items and resolutions (Secretary Stefan)

  • ACTION on xxx

1.7 Identification of SARIF TC voting members (Co-Chair David)

1.7.1 Prospective members attending their first meeting

1.7.2 Members attaining voting rights at the end of this meeting

1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends

1.7.4 Members who previously lost voting rights who are attending this meeting

1.7.5 Members who have declared a leave of absence

2. Future Meetings

2.1 Future meeting schedule (Co-Chair Keaton)

  • Scheduled Teleconferences (Thursdays at 08:00 PT / 15:00 UTC for 1.5 hours)

    June 16
    June 30
    
  • Possible face-to-face meeting when pandemic permits

3. Liaisons

3.1 OpenSSF

3.1.1 Choose who will act as liaison

  • Michael offers but strongly suggests that another member join forces

3.1.2 Arrange to initiate contact with OpenSSF

  • Michael will initiate

4. Discussion

4.1 Review recruitment effort to complete the technical committee

  • Yekaterina: Trying to recruit an additional colleague

4.2 Review status on finalizing SARIF 2.1 errata. List of next steps: GitHub issue #509

4.3 Review current state of ecosystem ongoing work

  • Chris:
    • Ongoing work

4.4 Any continued report/discussion on metrics

  • Ongoing

4.5 Discussion of updates to SARIF web site https://sarifweb.azurewebsites.net/

4.6 Review outcomes of subgroup discussions

  • Michael leads through the reports
  • Michael suggests offering demos during the June meetings
    • Chris seconds
    • Michael briefly reports on the WhiteSource tools to visualize other SCA results
    • Michael thinks we should be able to do similar things in SARIF as well.
      • Why not prototype that (using auto fix features already available in VS Code)
      • Other annotation languages available in the Windows teams at Microsoft that could be available to demo in June
  • Thanassis
    • is very interested in going in that direction and explains additional opportunities to continue from there
    • mentions the API solution as a service / application that is quite simple to deploy
    • thinks that they may be able to show some ForAllSecure demos after the June meetings

4.7 Status of Wikipedia page

4.8 Discuss end-to-end results management (including code insights protocol)

None

5. Other Business

6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)

6.2 Review of Decisions Reached (Secretary Hagen)

  • DECISION on domain for the content website: try to secure it before next meeting

6.3 Review of Action Items (Secretary Hagen)

  • ACTION on Chris to secure / purchase the proposed domain
  • ACTION on Michael to initiate contact with OpenSSF
  • ACTION on David to help Michael with the SARIF schema for the Errata
  • ACTION on Chris to invite David and Michael on a website review meeting
  • ACTION on Chris to solicit a working example from WhiteSource of their scenario
  • ACTION on Chris to prepare a demo of the VS Code auto fix functionality

7. Next Meeting

Jun 16, 2022 / 08:00-09:30 PDT / 15:00-16:30 UTC

8. Adjournment

Meeting was adjourned.