►
From YouTube: Pipeline Security team meeting AMER 2023-05-25
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
All
right,
hi
there.
This
is
the
pipeline
Security
Group
call
for
May
25th
2023,
the
Americas
Edition,
so
we
had
a
couple
of
announcements.
So
please
take
time
to
take
a
look
at
those,
but
I
think
a
big
thing
just
to
I
know
it's
it's
also
in
a
lot
of
slack
channels,
which
is
like
please,
please,
please
take
the
engagement
survey.
A
All
right
so
moving
on
to
discussion
topics,
so
thank
you
all
for
commenting
on
the
the
Mr
template,
so
I'm
going
to
fold
in
the
latest
comments
that
I
just
got
and
then
we'll
get
this
merged.
Hopefully.
A
Yeah
so
I
know
there's
like
a
lot
of
stuff
in
there,
so
I
am
planning
on
making
some
some
items
optional
and
honestly
just
want
to
make
sure
that
the
template
isn't
necessarily
like
you
have
to
have
all
these
things,
but
rather
I
think
what
we
want
to
capture
is
hey.
Have
you
thought
about
these
things?
A
C
Yeah
I,
it's
just
a
link
that
gives
a
that
leads
to
the
superior
summary
of
the
competitor
evaluation
that
I
just
finished
and
Albert
has
highlighted
that
I
in
in
the
issue
as
well.
I
haven't
responded
there,
yet
that
if
I
have
also
covered
the
case
of
customer,
manage
encryption,
key
and
so
I
definitely
have
not,
and
I
was
mostly
looking
at
the
four
scenarios
that
were
covered
in
this
report.
I
found
the
link,
I
was
looking
for
that
I'll.
Add
it
here,
but
I
I
also
want
to
put
it
across
that.
C
If
you
see
anything,
that's
missing,
please
please
go
ahead
and
make
changes
to
the
insights
like
make
any
additions
or
edit
anything
that
you
seen
necessary,
because
the
results
are
definitely
influenced
by
my
limited
knowledge,
limited
technical
knowledge
about
the
subject
and
that's
why
I
need
the
team's
help
in
making
sure
that
we
don't
leave
anything
uncovered.
B
B
C
Yeah,
that's
all
otherwise,
like
there
were
some
very
interesting
insights
that
we
uncovered
and
also
like
some
good
practices
and
bad
practices,
things
that
we
should
avoid
in
whatever
we
do
next,
so
the
sketching
exercise
it.
C
The
issue
should
be
up
and
of
this
week
and
in
the
next
group
call
like
before
the
APAC
call
happens,
I'll
make
sure
that
we
have
something
in
place
and
I
make
a
small
announcement,
maybe
with
the
five
minutes
long
video
to
kick
it
off
and
I'm
very
excited
about
that,
and
everybody
in
the
team
should
be
as
well.
A
Yeah
super
excited
cool.
B
All
right,
okay!
So
the
next
item.
A
I
have
is
just
encouraging
Community
contributions
for
build
artifacts,
because
this
is
one
of
those
areas
that
we
simply
just
haven't.
A
Well,
it's
tedious
and
you
know,
given
our
limited
resources
and
where
we
can
really
have
the
most
impact,
build
artifacts,
really
just
isn't
that
area,
and
so
that's
why
we
de-prioritize
build
artifacts
in
general,
when
we
moved
into
fy24
and
so
I
think
you
know,
we
continue
to
hear
a
lot
of
like
hey.
You
know,
y'all
are
missing
these
things.
A
A
So
I
know
one
of
the
one
of
the
items
is
you
know
we
can
tag
seeking
Community
contributions,
but
I
also
think
like.
We
need
to
have
like
an
implementation
guide
just
to
give
people
some
really
General,
like
high-level
guidance.
A
So
just
you
know
if
there's
anything
that
folks
think.
Like.
Oh
hey,
you
know
this
is
not
going
to
be
very
difficult.
We
can
like
have
some
some
really
brief,
like
guidance
to
help
folks
move
forward,
then
I
think
like.
We
should
definitely
take
some
time,
write
those
things
up
and
then
try
to
get
them
out
for
Community
contribution.
A
Then
the
next
thing
that
I
have
is
just
we
have
feature
labels
and
so
I
just
want
to
it'll
like
help
us
divide
up
the
sub
category.
Basically,
is
how
I'm
thinking
about
it,
like
the
subcategory?
More
so
like
right
now
in
Secrets
management
like
we
do
have
CI
variables
and
we
have
CI
job
token,
but
we
don't
have
something
that
really
like
if
I
were
to
really
want
to
do
a
filter
and
search
to
say,
like
hey.
A
This
is
tied
to
in
actual
Secrets
manager,
and
so
you
know,
I've
proposed
here.
A
couple
of
different
I'll
say
feature
labels
for
for
discussion
and
so
secret
storage.
A
A
B
B
A
And
then
I
will
voice
over
Albert's
looking
to
define
a
nomenclature
for
Secrets
management
so
that
we
can
have
a
ubiquitous
language.
Everyone
can
use.
The
idea
is
to
have
shared
vocabulary
to
for
the
secret
management
related
Concepts
I
haven't
had
a
chance
to
look
at
this,
but
I
think
that
would
be
great.
C
I
have
something
to
share
that
goes
with
this
I
wish.
I
was
more
prepared,
Erica
shared
her
work
that
she's
doing
in
this
quarter
and
she's
helping
the
runner
and
the
pipeline
authoring
team
with
some
researchers,
which
are
on
a
very
similar
area,
like
that's
also
for
kind
of
like
to
check
the
mental
models
if
they
are
really
something
in
alignment
with
the
industry
and
also
the
terminologies,
and
the
issue
is
please,
please:
okay
I'll
tag
it,
but
you
can
just
like
go
ahead
in
the
agenda.
I
did
some
time.
A
Cool
cool
awesome,
yeah,
I
think
this
will
be
great
and
you
know
I
think
like
we
could
maybe
like
share
out
and
publish
the
nomenclature
and
I.
Think
right,
like
yesterday
was
yesterday
yesterday
and
I
had
a
call
with
a
customer
and
and
also
our
CSM,
where.
A
A
C
The
other
researchers
are
led
by
the
designers
of
the
team,
but
I
mean
currently,
because
we
have
some
other
items
for
higher
priority.
A
Okay,
so
Albert
had
some
questions
around
requirements
for
our
native
Secrets
manager.
I.
A
Think
really
like
our
Focus
right
now
should
just
be
on
the
POC
and
POC
will
be
honestly
super
basic
yes,
and
we
can
talk
about
like
what's
easiest
to
to
really
do
to
get
a
POC
up
and
running,
but
I'm
not
so
concerned
right
now
about
trying
to
gather
all
the
customer
requirements,
because
we've
also
targeted
the
secrets
manager
like
I,
would
say
our
highest
priority
is
that
market
that
isn't
that
currently
doesn't
have
a
good
solution
right
like
it's.
A
It's
not
cheap
necessarily
to
to
go
all
in
on
in
with
the
third
party
Solutions,
and
so
you
know
when
we
think
about
who
might
be
the
best
candidate
that
we
could
actually
Market
our
own
Secrets
manager
to
well.
A
Yes,
I
think
there
are
probably
some
large
Enterprise
customers
were
really
those
those
aren't
necessarily
our
targets
like
people
with
Deep
Pockets,
aren't
necessarily
our
immediate
targets
right,
we're
about
like
helping,
maybe
like
more
like
the
SMB
group,
to
really
start
with
secrets
and
in
a
way
that
is
easily
digestible
for
them,
like
what
I
am
finding
from
a
lot
of
these
conversations,
too,
is
a
lot
of
our
customers.
A
Don't
have
like
the
in-depth
knowledge
and
resources
to
really
like
understand
conceptually
what
what
is
the
difference
about
putting
everything
involved
and
making
those
connections
right,
so
we're
looking
like
what
we're
really
aiming
for
is
hey.
How
do
we
make
it
like
simple
in
terms
of
like
integration
and
not
everyone
needs
all
the
super
fancy
different
types
of
encryption
and
whatnot,
so
we're
gonna
start
really
really
small
I
don't
want
to
be
very
clear
about
that.
A
Our
POC
is
literally
just
going
to
be
something
that
we
can
take
to
customers
or
potential
customers,
and
do
some
research
with
to
say,
like
hey,
get
loud,
you're
headed
in
the
right
direction
or
like
hey,
get
lab
you're
totally
off
the
path
like
you're
in
you
know,
you've
turned
apples
into
walnuts,
kind
of
thing
right
like
that's,
really
where
we're
going
with
the
POC,
so
I
just
want
to
like
emphasize
like,
please
don't
think
about
POC
as
like
our
starting
point.
A
To
our
end,
it's
really
just
information
gathering
before
we
make
a
heavy
investment
into
thinking
about
the
architecture
and
the
scalability
and
the
idea
of
like
oh,
is
this
going
to
be
something
that
is
is
a
menu
item
that
you
can
go
into,
and
it's
all
like
git
lab,
gitlab
or
oh.
Would
we
create
something?
That's
also
a
standalone
SAS
product
like
we're,
not
we're
not
even
close
to
that
right
now.
C
A
And
yeah
like
I,
would
say
those
are
like
the
top
things.
I
would
say
that,
like
the
next
nice
to
have
in
terms
of
research
might
actually
be
like
assigning
like
access.
C
Access,
yes,
so
access,
if
you
do
it
as
a
Next
Step,
that
will
give
us
some
time
to
like
take
the
POC
to
users.
Ask
them
more
questions
about
how
they
want
access
to
be
like
and
then
move
ahead
on
that,
because
it
will
be
a
lot
of
work.
A
Yeah
so
I
think
like
that
would
be
like
the
next
thing,
but
yeah,
let's
I
I'm
not
worried
about
scalability
right
now,
like
I,
don't
I
mean
if
this
is
like.
You
know
paper
and
tape.
Like
that's
perfect,
as
long
as
someone
can,
you
know,
move
some
flaps
around
all
good.
A
So
yeah,
but
then
I
think
to
like
going.
We
should
probably
honestly
or
I've,
probably
honestly,
go
through
like
Erica's
research
again
and
figure
out
based
on
those
pain
points
and
the
market
that
we
really
want
to
Target.
A
First,
what
what
those
actual
pain
points
are
and
and
where
we
really
need
to
land
for
an
MVC,
because
I
don't
actually
know
that
us
having
a
Secrets
manager
is
going
to
drive
that
much
more
ARR
from
our
ultimate
to
your
customers
right
because
they're
already
like
paying
they're,
not
it's
not
like.
Oh
we're,
gonna
bump
you
up
from
free
to
premium
or
premium
to
ultimate
for
our
secrets,
manager
right,
like
they're,
already
kind
of
in
those
like
paid
tiers
so
like
we
could
potentially
bump
some
people
up.
A
A
You
know
how
would
we
charge
for
it
all
those
things,
because
that
that'll
play
into
I
think
like
that
market
show
that
we're
trying
to
gain,
but
yeah
I
mean
we
want
this
to
be
incremental
right,
like
it's
all
about
growth,
so
I
think
that's
just
a
really
important
thing
to
like
focus
on
like,
let's
not
focus
on
like
the
North
Star
right
now,
because,
honestly,
I
don't
think
we
know
what
that
looks
like
at
all
like
I,
don't
maybe
other
people
have
some
thoughts,
but
I
certainly
do
not
at
this
point
have
like
I,
don't
know
if
offering
it
as
a
standalone
service
similar
to
both
is
really
the
direction
we
even
want
to
go
like
I.
A
Don't
know
that
that
really
yields
a
good
enough
market
for
us.
B
Cool
that
is.
C
A
So
many
of
them
cool
is
there
anything
else
we
want
to
add
before
I
stopped,
recording.