►
Description
Defend engineers working with PM to breakdown upcoming issues into components, clarify requirements, and identify work boundaries.
A
All
right
welcome
to
our
threat
management
planning
breakdown.
I
put
air
quotes
around
that
because
we
have
been
talking
about
reducing
the
number
of
meetings
and
combining
that
Monday
demo
meeting
with
this
Tuesday
planning
breakdown
media
and
have
it
be
a
group
wide
meeting
where
we
cover
both
topics,
as
well
as
any
general
questions
or
announcements,
so
that
change
should
happen
starting
next
week.
Scheduling
is
a
little
bit
hard.
I
want
to
make
sure
that
we
get
as
many
people
find
a
time.
A
That's
is
available
for
as
many
people
as
possible,
but
for
today
we're
focused
on
planning
break
down
for
two
issues.
Just
a
reminder:
this
is
not
a
substitute
for
grooming.
The
goal
of
this
meeting
is
much
more
high-level.
We're
gonna,
look
at
these
issues
and
ask
the
following
questions:
are
the
requirements
clear
enough?
Do
we
understand
the
boundaries
of
work
and
it's
the
research
and
solution?
Validation
complete,
oh,
and
we
break
it
down
in
these
smaller
I've.
A
So
this
was
one
that
was
created
so
I
guess.
This
brings
up
a
question
for
planning
breakdowns.
I,
don't
know
if
we
need
to
actually
be
planning
breakdown,
meetings
that
were
originated
by
engineering
I.
Think
typically,
it's
the
biggest
benefit
is
when
they
come
from.
You
know
large
features
you
know
like,
but
it's
really
we
talk
about
stuff
abettor,
so
Ross
is
chewing.
I
feel
like
this
is
a
good
time
to
ask
him
to
talk
because
I
see
that
happening
Ross
you
want
to
briefly
describe
or
verbalize
the
intent
of
this
issue.
A
A
B
You
know
thinking
you
know
like
he
said
it's
just
kind
of
one
of
those
things
that
is
just
needs
to
be
done.
I,
don't
think
it's
too
complex
of
an
issue.
I
guess.
A
D
At
least
initially,
stop
me
if
this
is
not
not
true.
The
concern
here
is
this
is
during
the
cut
over
from
the
existing
model
to
the
first-class
vulnerability
objects,
and
it
looks
like
it
was
just
mapped
to
an
incorrect
State,
so
that
so
this
is
got
to
be
kind
of
like
a
just,
a
one-time
cut
over
no
no.
C
There's
there's
there's
two
separate
issues
and
I
am
working
on
the
like
the
migration
of
data.
This
is
and
and
and
I
can
hear
you
talking,
I
just
couldn't
unmute
myself,
because
I
lost
my
window.
But
yes,
it
is
very
simple
and
I
really
just
wanted
to
like
raise
it
to
make
sure
it
got
scheduled.
I,
don't
know
if
you
know
we
need
to
have
a
whole
lot
of
discussion
about
it
or
not,
but
but
yeah
this
is
so
you
you
have
a
vulnerability,
you
you
add
it
or
whatever
it
gives.
C
You
just
miss
it
on
your
own,
your
future
branch.
You
say:
I,
don't
worry
about
this
it
at
that
point.
It's
still
just
a
finding.
It
hasn't
the
vulnerability.
First
custom
owner
ability
hasn't
been
created.
Yet
then
you,
then
you
merge
that
into
your
default
branch.
The
pipeline
runs.
We
create
the
vulnerability
without
that
change
that
finding
that
you
dismissed
will
now
become
a
detected
vulnerability
where
we'd
like
to
carry
that
across
and
say:
hey
you
dismissed
it
over
there.
It's
still
dismissed
here
and
that's
that's
what
this
is
about.
D
A
D
C
I
I
will
say
that,
like
when
we're
doing
the
the
migration,
which
is
a
related
issue,
but
not
this
issue,
we're
gonna
have
to
we're
solving
for
the
same
problem
where
we're
saying.
Okay,
let's
find
all
the
findings
that
were
dismissed
and
and
move
that
state
over
to
these
vulnerabilities.
So
it
is
something
that
we
could
redo
that
migration
or
whatever,
as
it
pertains
to
bringing
over
any
sort
of
dismissed
feedback
that
we
missed
during
that
time
frame.
C
A
Cool
it
sounds
like
we
all
have
a
solid
understanding
of
this,
so
Matt,
it's
just
so
no
planning
breakdown,
you
know
all
we
can.
We
can
think
about
flying
it.
It's
time
for
crew
mean
and
if
we
want
to
try
pull
it
into.
Twelve
ninth
will
have
to
look
to
see
if
something
else
needs
to
about.
Otherwise
we
can
talk
about
scheduling
it
for
a
future
release.
D
F
D
C
A
D
A
C
A
D
A
F
A
A
A
Okay,
so
back
to
our
three
questions,
and
we
understand
the
intent
of
the
requests
and
the
work
boundaries
I'm,
just
I'm,
just
gonna
keep
asking
questions
and
they
come
up.
This
is
this
is
something
that
lives
on
a
activity
window,
that's
shared
with
other
stages
correct.
Would
we
be
contributing
the
code
to
change
the
front-end
to
include
these
ourselves?
Are
going
to
be
working
with
I,
don't
know
exactly
what
stage
this
activity
window
falls
into.
A
Ross,
do
you
have
any
idea
about
this?
One
I'm
looking
at
anyone
who's
been
here
longer,
so
this
is.
This
is
sort
of
a
foreign
territory.
To
me
you
know
as
far
as
working
outside
of
our
own
boundaries,
but
it
feels
like
given
these
designs
that
the
boundary
is
outside
of
the
security
tab
within
the
product
and
then
also
from
a
back-end
perspective,
feeding
into
this
Activity
Feed,
yeah,
I,
guess
I'm
just
trying
to
understand
the
dependency
on
another
team
and
what
that
team
would
be.
C
As
far
as
the
the
backend
and
as
far
as
what
I
could
understand
from
what
LBL
had
already
put
into
the
issue,
we're
just
you
know,
feeding
data
into
already
existing
models
and
all
all
of
that,
so
I,
don't
I,
don't
think
we're
dependent
on
anyone
else,
but
the
I
guess
the
one
question
would
be
like.
How
do
we
populate
the
security
tab?
You
know
as
far
as
like
fetching
that
data
so
I
that
might
potentially
be
another
group
I'm,
not
sure
on
that.
So.
A
A
G
G
Without
looking
at
the
code,
that
can
either
be
something
really
easy
to
do
or
really
hard
to
do
if
the
tabs
on
the
top
are
basically
just
grabbing
the
list
and
then
performing
a
client-side
filter.
That
would
be
pretty
easy
to
do,
but
if
it
needs
like
a
completely
different
workflow
where
we're
hitting
a
different
API
endpoint
and
it
it
can't
use
any
of
the
already
like
the
the
format
that's
already
present,
and
we
need
to
create
a
new
one
to
display
these
items,
then
that
would
be.
That
would
take
more
time
to
do
so.
D
A
Okay,
all
right
so,
like
I,
said
in
the
future,
we're
gonna
be
combining
the
demo
meeting
with
with
this
meeting,
trying
to
reduce
the
amount
of
time
we
expect
you
guys
to
to
be
on
calls.
You
really
appreciate
this
early
feedback
on
issues.
I
think
it's
already
having
its
benefits
on
I.
Think,
at
least
for
me,
understanding
what
we're
building
and
I
hope
that,
as
we
start
executing
iterations,
you
guys
feel
the
same
way.