Vulnerability disclosures WG meeting 10/5/2020 #51
Comments
New Agenda Item - Martin Prpic from Red Hat Product Security to come talk about CSAF and other industry data format efforts

New Agenda Item - Consideration of CERT/CC's VINCE platform as a possible mechanism for vuln. info sharing - https://kb.cert.org/vince/
If we'd like to hear more, we can invite Art Manion & crew to come talk to us.
The FIRST PSIRT SIG is endorsing open sourcing VINCE and supporting this tool.

@RedHatCRob I added this to the agenda for Monday if this is something you want to discuss with the WG.

I won't be able to attend the meeting today, but @RedHatCRob was kind enough to offer running the meeting today.

OK, today the group discussed our desired goals for the WG and endorsed the following:

1.) Identifying vulnerability disclosure pain points for OSS maintainers, consumers, and reporter/finders and take steps to address them through techniques like automation and standardized data formats.

2.) Documenting and promoting reasonable vulnerability disclosure and coordination practices within the OSS ecosystem for component maintainers and community members by providing documented standards and educational materials.

3.) Facilitate the development and adoption of standards-based OSS Vulnerability information that uses existing industry formats and allows OSS projects of all sizes to be able to report, share, and learn about vulnerabilities within OSS components.

Hm, was the meeting recorded? I realized afterwards it wasn't declared as such.

Arrg! Sorry all, I forgot to press the button. We did take notes in the gdoc (my hat is off to whoever paid such excellent attention & captured everything so well) - https://docs.google.com/document/d/1VAx4crIxhfHExTlUaGlcocYgB7pHfP2Eq8INYBZkqPM/edit?usp=sharing

No problem :) It might be a good idea to have that as a standard note in the agenda for future meetings so we don't forget.

+1

I grabbed a lot of the notes, sorry for anything I missed - if we're using
Zoom perhaps we could use otter.ai next time to grab live transcription?
(That's how I tend to do my D&D games)
--
Nicole Schwartz (She/Her)
amazonv@gmail.com

Great notes! Thank you so much for taking them. I will open a PR to store those notes here in this repo before we close this issue.

Fixes ossf#51 Signed-off-by: Morten Linderud <morten@linderud.pw>
Time
Monday October 5th, 2020 7:00 AM Pacific
Links
The invite is also available on the OpenSSF Community Calendar.
Agenda
Notes