►
From YouTube: Secure::Static Analysis weekly meeting for 2020.11.30
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Welcome
back
whatever
the
rest
of
welcome
back
mr
cotter
theme
song
is,
I
can't
say
so.
I
don't
remember
all
the
words,
so
everybody
had
a
good
break
and
is
rested
or
beginning
to
be
rested,
so
we'll
we'll
get
into
it
and
we'll
get
into
the
agenda
and
we'll
move
forward,
because
this
is
pretty
packed.
The
main
thing
so
item
one's
read-only.
So
welcome
back
my
question
to
you
all:
is
your
currently
known
pto
booked
in
the
what
the
app
formerly
known
as
pto
ninja?
A
If
so,
if
not,
would
you
please
please
get
it
added,
so
we're
we're
all
we're.
We
are
already
working
at
reduced
capacity.
This
is
just
helping
us
lean
into
transparency
about
who
is
available
to
for
whatever,
as
we
get
towards
the
end
of
the
year
festive
period.
So
if
you
would
please
check
and
file
a
file
if
necessary
and.
B
Yeah
I
mean
actually
that
is
one
that
I
encourage.
Y'all
definitely
take
time
off,
we've
accomplished
so
much
this
year
really
do
recharge
your
batteries.
I
am
planning
to
do
that.
I'm
gonna
be
in
montana,
from
the
4th
to
the
29th
skiing.
My
hours
will
be
all
over
the
place.
So
if
you
need
me
direct
ping
me
and
there's
a
formal
vacation
there
in
there
as
well
so
definitely
do
feel
free
to
take
time.
A
Related
to
that,
because
of
the
amount
of
stuff
that
we've
actually
done
and
which
can
be
measured,
if
you
want
a
proxy
variable
for
how
much
stuff
this
group
of
people
is
responsible
for
releasing
into
the
wild,
we
can
take
a
look
at
the
number
of
release
posts
that
we're
responsible
for
and
we're
not
done
with
the
year
yet
and
that
intense
that's
actually
going
to
be
a
plan
for
one
of
these
weeklies,
where
that's
going
to
be.
A
The
entire
agenda
is
a
everything
that
we
did
just
kind
of
celebration,
so
so
more
to
come
on
that
once
we
get
it
organized
I'll
move
on
number
two,
so
doing
as
if
you
were
on
those
I'm
not
going
to
call
it
stage
wide
sub
department
wide
weekly
earlier
today,
there
was
a
note
from
me
that
the
new
and
improved
office
hours
is
is
happening.
A
It
starts
on
thursday,
so
link
to
that
issue
where
everything
has
gotten
set
up,
it
is
on
the
get
lab
team
meetings
calendar
supposedly
the
entire
company
was
invited,
so
you
might
have
gotten
a
meeting
invite
for
it,
so
it
launches
this
thursday.
Just
explicit
is
better
than
implicit.
Attendance
is
optional.
I
do
have
requests,
though,
and
it
has
to
do
with
demos,
so
we
do
a
pretty
decent
job
of
technical
demos
here,
but
there's
a
gap
and
that's
in
the
hands
of
those.
A
A
B
The
only
thing
I
would
say
is,
I
really
don't
know
what
to
expect
from
the
field.
Thomas
and
I
have
been
tracking
requests
that
come
in
from
us
from
all
over
the
company
and
trying
to
redirect
people
to
come
to
that
meeting.
We'll
see
how
successful
we
are.
I
think
it
might
take
a
week
or
two
for
people
to
get
in
the
habit
of
coming
to
that,
rather
than
asking
all
of
their
questions
in
slack,
but
we'll
see.
A
Okay,
moving
on
because
I
didn't
get
into
any-
I
didn't
get
serious
objections
to
this
couple
weeks
ago,
the
epic
workflow
and
and
the
the
liberal
arts
person
inside
me
is
hating
that
for
that
term,
because
it's
not
a
workflow,
but
it's
we're
officially
signed
up
to
trial
it
so
the
so
if
you
missed
that
or
missed
that
conversation
with
the
workshop
presentation
or
that
agenda
doc.
That
information
is
available
here.
A
The
I've
got
one
specific
epic
that
I'm
using
kind
of
as
a
sentinel,
and
that
has
to
do
with
mono
repo
support,
and
I
know,
there's
a
conversation
in
slack
about
whether
or
not
we
want
to
keep
calling
it
that
or
not.
But
so
that's
so
we'll
we're
going
to
try
this
out,
and
I
know
that
this
comes
with
constraints.
But
those
are
things
I
think
we
can
work
with
then.
But
I
would
appreciate
the
conversations
in
one
on
one's
word
issues
or
what
have.
C
Yeah,
so
it
opened
an
issue
quite
a
while
ago
about
getting
rid
of
sas
default,
analyzers
variable
and
moving
to
sas
excluded,
analyzers
there's
some
discussion
and
multiple
proposals
in
there.
But
you
know
we
don't
operate
on
consensus,
so
I
just,
but
I
just
want
to
make
sure
there
weren't
any
strong
objections
to
moving
forward
with
the
proposal,
as
is.
C
C
Yeah
yeah,
yes
yep,
but
one
of
the
proposals
involved
zero
variables.
So
until
we
decide
not
to
do
that,
you
know
no
need
to
figure
out
how
to
name
things,
because
it's
hard.
C
B
D
First
first
request
is
something
something
from
montana
when
you
get
back
so
something
something
you
found
on
the
slopes.
Maybe
all
right,
gotta
start
with
a
hard
one,
because
I
think
all
that
stuff
will
be
meltable.
E
Cool
this
one's
probably
read
only
but
in
case
anyone
has
a
comment
or
question
special
call
for
a
brainstorming
session
on
splitting
the
common
library
or
other
ideas.
This
was
in
the
secure
weekly,
but
this
is
scheduled
for
this
wednesday
and
it
probably
affects
our
stage
or
our
group
more
than
a
lot
of
other
groups
in
the
stage.
So
if
you
have
opinions,
please
bring
them.
E
D
Okay,
oh
I
found
my
stat
stage
strategy
is
that
it.
A
Nothing
like
those
the
the
meetings-
that's
that
sneak
into
your
calendar,
all
right.
A
Not
that
people
here
need
motivation
for
attending,
but
of
all
the
groups
that
are
impacted
by
changes
to
common
as
it
currently
stands.
This
one
is
that
this
one
is
impacted
the
most
just
because
we
subscribe
to
it
the
most
so
anything
that
we
can
do
to
to
figure
out
a
way
to
help
us
approach
it
more
safely
is
a
good
idea
is
a
good
thing.
So
thank
you,
lucas
for
organizing
this
all
right.
A
On
a
less
serious
note.
It
is
since
we're
entering
the
end
of
year
festive
period
and
we're
not
all
in
one
physical
location,
nor
is
it
safe
to
be
so
this
year
is
any.
Might
anyone
be
interested
in
like
a
virtual
happy
hour
in
the
next
couple
of
weeks.
A
It's
you
can
bring
a
beverage
or
whatever
of
your
choice,
no
so
similar
to
a
coffee
chat
but
it'll
be
towards
the
evening
and
some
more
information
to
come
on
that
and
we'll
do
something
I
this
is.
This
is
a
question
on
whether
or
not
I
can
figure
out
what
to
do
and
yeah
so
I'll
start
working
on
it.
A
B
B
It's
not
that
scary,
it's
very
accomplishable.
It
changes
a
lot,
which
is
why
I
don't
want
to
put
it
into
issues.
So
my
thought
basically
is
that
this
epic
is
where
you
come
for
all
things:
planning
we'll
keep
a
running
list
in
the
epic
description
of
just
all
the
things
we're
thinking
about
as
it
moves
around
and
then
as
a
release
up.
B
It
comes
up
I'll,
pull
whatever
the
release
is
into
its
own
planning
issue
off
of
the
top
of
that
list
and
keep
all
of
those
planning
issues
linked
in
the
epic
tree.
That's
kind
of
my
current
working
thought
and
then
I
plan
to
link
that
into
the
direction
document,
and
all
of
that
so
yeah
take
a
look
at
the
13.8
stuff,
we're
keeping
it
intentionally
light.
Hopefully
there
aren't
any
real
surprises.
B
I
do
want
to
start
actually
getting
those
deprecations
announced,
so
that
might
be
worth
like
actually
doing
in
13.8,
so
yeah
feel
free
to
add
comments
or
questions.
It's
very
much
a
proposal
at
the
moment,
but
kind
of
where,
where
my
head
is
at
any
thoughts
on
that.
B
The
other
thing
related
to
this
I've
kind
of
become
frustrated
with
my
own
organization
of
our
issues
and
all
of
the
hierarchy,
trees
that
we've
gotten
like
the
keep
sas
updated
epic,
that
kind
of
is
just
where
I
dump
things
so
over
the
holidays.
I'm
probably
gonna
move
a
whole
lot
of
issues
around
and
rethink
how
I've
structured
organizing
all
of
this-
I
don't
know
what
that
looks
like,
but
if
you've
got
ideas
of
how
you
wish
things
were
organized
now's.
B
B
Mind,
okay
and
then
moving
on
the
aws
project,
so
the
meeting
with
aws
last
on
the
third
on
the
15th
of
november
went
really
well
they're,
very
happy
with
where
we're
at
we're.
Considering
this
escalation
closed
in
general,
I
know
we
still
need
to
do
some
some
cut
over
to
their
new
api.
B
B
I'm
gonna
have
the
alliances
team
reach
out
to
some
of
the
other
cloud
vendors
to
explore
their
interest
in
integrating
with
this,
but
in
general,
everyone
around
the
org
is
very
thrilled
with
how
this
has
turned
out.
I
think
this
was
a
shining
moment
for
static
analysis.
Gets
things
done
so
great
work
on
this?
I
did
want
to
see
what
is
left.
I
know
we
need
to
cut
over
to
their
production
service,
and
I
know
that
there's
a
little
back
and
forth.
We
need
to
have
with
devore
to
get
him
to
approve
that.
F
So
I
can
talk
about
what
is
left
so
right
now,
so
we
are
testing
with
the
srs
dev.
That
means
the
dev
environment,
with
automation,
teams,
implementation
and
it's
working.
Fine
like
we,
the
rails
is
sending
production
traffic
to
dev,
environment
and
development
is
sending
the
traffic
to
aws
epic
actual
aws
service,
and
we
tested
with
both
aws
team
and
the
automation
team
that
it's
working
fine.
F
Now
after
more
testing,
maybe
we'll
we
can
switch
to
the
production
environment,
but
I
think
the
production
environment
is
not
ready,
yet
their
work.
Automation
team
is
working
on
that
to
make
the
production
environment
ready
and
I
think
that
will
be,
they
will
switch.
They
will.
F
Actually
hand
over
their
work
to
another
team
because
they
need
to
monitor
the
production
environment
using
different
like
tools
by
releasing.
Maybe
that's
why
they're
taking
this
much
time,
but
from
our
side
we
are
ready.
We
just
need
to
switch
different
urls,
that's
it
like.
We
are
ready.
We,
it
looks
like
we,
it's
everything
is
working
fine
and
there
are
some
minor
follow-ups
that
we
can
address.
That
is
that
is
that
we
can
do
in
parallel.
We
it
will
not
hamper
the
regular
release.
F
Yeah
does
that
that
that
is
the
thing
that
that
is
left
over
all
right.
Okay,.
B
Yeah
I've
been
following
that
follow-up
issue.
I
thought
the
production
readiness
review
process
was
interesting.
I
had
not
seen
that
before,
so
it
might
be
worth
y'all
just
taking
a
look
at
at
it.
Just
because
I
didn't
know
it
existed,
it
sounds
like
the
secure
automation
team
is
going
to
handle
getting
that
ready.
F
Yeah,
I'm
not
sure
about
that.
That's
why
I
asked
that
question
who,
who
is
actually
taking
that
over?
So
am
I
supposed
to
write
that
or
other
team?
I'm
not
sure
the
main
purpose
of
that
release
review
is
what,
if
anything
happens
with
the
sidekick
job,
okay,
who
is
going
to
handle
that
and
how
we
can
mitigate
the
incident.
F
B
Part
of
that
will
depend
on
if
we
are
going
to
pursue
other
integrations
with
other
cloud
vendors
and
who
will
actually
go
and
do
that
integration
and
I'm
trying
to
make
the
answer
not
be
us.
So
we'll
see
how
successful
I
am
there,
but
yeah.
If
we
want
to
write
something
up
in
terms
of
the
the
like
steps,
we
would
need
to
take
or
any
abuse
or
any
like
failures,
that's
probably
worth
doing,
and
then
just
pencil
in,
like
a
a
tbd
of
who
would
actually
go
and
do
that
work.
B
A
A
I
would
be
uncomfortable
and
it
would
be
inappropriate
for
us
to
write
a
run
book
for
things
we
did
not
write,
so
I
would
expect
this
to
be
a
part
of.
I
would
expect
definition
of
done
to
include
run
books
for
the
parts
that
everybody
was
responsible
for
delivering
is
is
the
way
that
I
would
phrase
this,
so
I
will
push
for
and
would
expect
us
to
write
documentation
for
a
production
readiness
review
if
we
need
to
get
that
formal
for
the
sidekick
worker
and
everything
that
delivers
data
to
it.
G
F
Actually,
yeah
taylor
answered
the
question,
so
we
don't
have
any
judgmentary,
but
we
have
graphana
monitoring
of
the
sidekick
job,
so
we
can
look
into
the
queue
size
and
we
can-
and
another
thing
is
like
that-
is
not
relevant
through
using
kibana.
We
can
also
see
the
different
exception,
but
we
don't
have
any
metric
monitoring
like
yeah.
A
This
is
a
support.
It's
just
a
matter
of
being
able
to
monitor
if
things
are
getting
backlogged
or
if
there's
or
if
something
just,
if
there's
there's
no
traffic
and
if
things
are
looking
normally
quiet,
that's
it's
looking
for
outliers
and
so
that
that's
that's
step.
One
looks
like
we've
got
it,
so
thank
you.
Okay,.
E
I
said
if
you
could
double
check
that
link.
I
posted.
I
think
that
should
have
the
right
filters
for
the
psychic
you,
but
I'm
not
entirely
sure,
since
it
doesn't
look
like
it's
finding
anything.
Okay.
Sure
thanks.
B
B
I'm
gonna
butcher
this,
so
apologies
with
the
shift
of
some
of
the
data
team
organization
changing
that
was
announced.
I
think
two
weeks
ago
wayne
is
taking
over
some
of
that
team
with
wayne
having
a
mind
of
secure
features
and
having
direct
interactions
with
the
data
team.
I
think
we'll
see
a
lot
more.
B
How
do
I
want
to
put
advocacy
and
effort
for
tracking
some
of
the
more
unique
aspects
of
the
secure
side
of
the
house
so
know
that
I'm
definitely
watching
where
we're
going
with
that,
and
I
think
we'll
we'll
have
some
additional
expanded
metrics
in
the
the
not
so
distant
future
I'll
see.
If
I
can
find
that
issue
for.
B
F
A
Yeah,
thank
you
if
you
need
access
or
needing
some
sort
of
I
need.
If
you
want
me
involved,
I'm
happy
to
help
all
right.
B
Oh,
it
was
among
us
nice,
I
will
say
once
you
play
it.
I
have
definitely
used
sus
in
my
vocabulary,
which
is
really
weird.
It
was
fun
you
can
play
it
on
a
whole
lot
of
different
platforms,
so
we
didn't
have
any
issues.
It
was
entertaining
we're
gonna,
do
it
again,
so
something
might
make
sense
for
the
holiday
happy
hour
or
whatever
we're
planning
yeah.
I
There's
a
hack
to
get
it
working
on
a
mac
through
the
google
store.
You
can
do
a
web
search.
Otherwise
you
have
to.
I
don't
even
think
it's
supported,
like
steam
is
only
windows,
so
you
have
to
default
to
the
web
view
it's
kind
of
crappy,
but
there's
a
way
to
get
it
emulated.
Just
fine.
My
kid
uses
it.
D
G
I
just
want
to
quickly
call
attention
to
the
read
only
so
one
is
that
I'm
requesting
feedback-
it's
all
anonymous,
but
I'm
going
to
be
looking,
I'm
working
towards
a
promotion
in
2021,
so
any
feedback
about
how
I
can
better
support.
You
all
is
definitely
most
appreciated.
G
You
can
go
into
that
survey
and
just
leave
like
things
that
you
like
that,
I'm
doing
or
things
that
you
wish
to
see
more
of
from
the
design
developer
relationship.
Really
any
any
feedback
at
all
is
is
most
welcome
and
all
of
the
I
think,
there's
like
five
or
six
questions
in
there.
They're,
not
all
required.
If
you
just
want
to
go
through
in
one.
G
But
again
it's
all
anonymous,
and
the
second
thing
is,
I
just
added
a
bunch
of
design
issues
that
are
currently
being
worked
on,
and
I
added
a
note
after
each
one,
so
neil
and
I
chatted
last
week
and
thought
it
might
be
helpful
to
include
those.
G
The
last
sentence
also
includes
my
a
link
to
my
static
analysis,
ux
epic,
so
you
can
also
follow
along
with
that.
I
add
everything
that
I'm
working
on
or
looking
to
work
on.
Soon
in
that
epic
and
then
once
it
is
ready
for
implementation,
the
epic
will
change,
but
it'll
still
be
a
related
issue
in
the
epic.
I
need
to
make
sure
that
that's
all
working
properly
but
yeah.
G
These
are
all
the
design
issues
that
I'm
looking
at
that
are
specifically
related
to
static
analysis,
with
maybe
the
exception
of
the
group
level
security
dashboard
widget
that
I'm
doing
some
explorations
on.
But
if
you're
curious
about
what
I'm
up
to
that's,
that's
all
it
and
feel
free
to
go
in
and
add
any
feedback
that
you
may
have.
B
But
then,
as
we
finalize
designs
and
create
a
proper
implementation,
epic,
we
would
take
the
issue
from
the
ux
analysis
or
the
ux
epic,
move
it
to
the
implementation,
epic
and
create
a
technical
discovery
issue,
so
that
we
have
less
of
the
like
convoluted
conversations
in
the
parent
epic,
for
an
implementation
where
we
end
up
like
changing
designs
and
changing
technical
approach,
and
all
of
that
so
we're
trying
to
like
really
separate
those
concerns.
So
that
design
discussions
happen
in
a
singular
issue
and
then
have
a
clean
epic
tree.
B
A
All
right
we're
a
little
bit
over
time,
I'll
I'll
save
my
poking
at
language
around
epics
and
the
number
of
times
we
said
the
word
epic
and
trying
not
to
turn
that
into
a
drinking
game
so
but
in
any
case
happy
monday
hope
everybody.
Thank
you
welcome
back.
I
will.
I
hope
you
have
a
good
rest
of
your
week.
We'll
talk
soon,
see
ya.