From YouTube: Threat Insights Weekly Group Discussion
Description
Weekly meeting for the Secure:Threat Insights group
A
Hello, this is Threat Insights' weekly group discussion and looks like I'm running it, so I'm going to start with the agenda follow-up from previous discussions. What a coincidence, everything is my, my own entry.
A
A
A
So this was one that wasn't refined and I think Daniel might have had it and now he does have a weight. Amazing.
A
B
A
B
C
Yes, yeah, Daniel first pointed out that all the implementation things sort of need to happen sequentially, and so it didn't make sense to split up into like blocking, more blocking issues, so blocked issues. So.
A
D
B
A
B
A
B
So we may want to check with him, because I know we also had a problem as we started to break things down further in the past, that we want to be very careful about what we put the UX label on and what we keep assigned to him. So, at their, the very least, the high level nbc's. The feature issues, I don't know of all of those, but we'll figure out that with him.
A
This is one that's with Savage. He probably haven't, hasn't had time to go there yet. We are looking to move this to thirteen three. So, oh yeah, I actually moved it to.
D
Thirteen, oh you did, for just because I think so. This is the work that's going to extend into actually redoing all of the vulnerability list components. Okay, we haven't tackled that yet for the project level. So I think if we can refine these now, that's fantastic, but I don't expect this one and the other related one for 30.
A
D
Yes, because this one is actually moving to tab-based filters, so this is more fundamentally restructuring the vulnerability list or the report page itself, and this was something that I saw for doing in 13 4, starting with a project level and then rolling it up through the group, in the instance, once they're split out into separate pages.
B
So I'm trying not to talk too much, so I think, let me, it's.
B
I know it's really hard for me. I chatted with Matt about this, and so from a high level, in 133 we want to do the restructuring of the pages. We want to split all of the dashboards into the two separate pages and make whatever changes we need to make. I'm a little unclear on the project one, but this is instant. So Daniel has a lot of stuff assigned him for refinement right now. I'm sure he's gonna get to it and we'll, we'll get a weight on it.
B
A
B
A
B
For everyone else on the call, that's sort of the theme of 3, at least from the front-end perspective, it appears, and I could be missing. I know there's some stuff that's a work in progress that got rolled over from 13 too, but our big focus is bringing this consistency, the dashboards, and changing the navigation to make them separate pages from the reports.
A
D
If we think that there's capacity, yeah, I think it would be great. That first one is really the only thing that I would say I would push really strongly for, since it actually establishes a, the new left-hand navigation, so that would be a great first increment. This is just kind of continuing to iterate forward.
A
Well, we're not, we're not talking about deliverable labels yet, so don't get too excited.
D
A
B
This to me falls into the same. I think, I mean, I'm looking at Alexander. I know that there's been some conversation about this today. Sorry, I know I'm putting you on the spot, but does this fall into that same work around, you know, splitting up the dashboards into two pages and unifying them in thirteen three? That's how I viewed this, because we've already got this edit page for the instance dashboard. We'll be splitting the widgets and the report into two different pages, so this is a third page on top of that.
C
Yeah, this one I don't care so much about, because the edit button doesn't take up any real estate from the vulnerability list, which is the number one thing I care about, is getting the vulnerability list looking the same on all three pages, so we can start making the changes to it that propagate to all three of them without having to like toggle stuff on and off, and this one, like the edit button, sits above it. I, I don't care when this, this one happens really, but it's gonna happen after.
A
Let's do this: I'll, I'll leave it 13-3, at least until he has a, a weight, and if, if it's looking a little bit too heavy, Lindsay, you and I can, can kick it out mid iteration.
D
C
E
Sure, so appreciate Matt and everyone humoring me on this, as I kind of look across metrics and things, so I didn't know, but that's okay.
E
The good thing is that Thiago and Lindsay and Matt and others knew that we were intentionally focusing on tech debt for the last couple releases and small UI enhancements, but you three were on the same page, yay. I missed that detail, but that's, that's, if three people need to be on the same page, it's you three. So what I want to understand is what, and I don't disagree with that at all, right, and that's, that's, that's your, that's your decision of you three.
E
What I'm trying to figure out is what's planned next and understand that, so I went to the epics. That's not necessarily a great way to do it. I noticed, like, the container security team has like a planning issue that has just like lists of things in it. I don't know if that's a better way, it's just a different way. So how do I determine what's next? What are the next priorities for the team when we start there?
A
D
Yeah, no, that's fair. I think I'll start with, I need to do a better job of sort of figuring out a good way to present something a little longer term. It definitely is more release to release feeling than it should be. I have not figured out a great way in our tool to actually have a good, solid road map view. So the list that you pointed to, Wayne, right below that, under epics, there is a roadmap tab. You can apply the same sort of filters to it. It's okay!
D
B
D
Yeah, it's just not as, first of all, I think part of the challenge is it's not linear. Since you can only have a one-to-one relationship with issues in epics, it's not always going to be "we're only working within this particular epic for the next three iterations." It just doesn't make sense to work that way. So it's going to be a little bit more of a collection of certain things and, as you can see here, like they're kind of out of order, because it made sense to tackle these earlier than later.
A
B
D
We can potentially move things around that way. I guess I'm just really sensitive to the list, because, first of all, this, I do not like the way that this interaction works. You can accidentally nest things and it can screw up some of the other stuff inside when you move them around. It doesn't do anything with the dates, though, so it's now the start date and the due date, I think, is what needs to be a little bit more reflective of that.
D
I guess the answer is, I don't have a great answer, honestly, Wayne. I've kind of struggled with how the tool organizes things and, and I would be open to suggestions for how I can lay this out.
E
And I, I do care about how the tool works with it. I care more, or however, I care about more what it is then, which I know those are two related questions. So the, I guess, does this have all the things we want to do by January?
D
E
Everything, at least for everything you planned for the rest of the fiscal year, this, this is a subset of that, knowing that there's another, if I'm understanding, there's also an unknown of we get feedback from customers, from users, etc., and, of course, plans change. So, you know, taking that aside, of the unknown, which we have known unknowns of things like that, this is, this is what we want to do to get, this is more than what we want to do to get to the next level of maturity for vulnerability management.
E
And it's me, the reason I'm asking is I, I want to know, and, you know, just think out further, gen, you know, to January and beyond, like how do we feel about how we're, you know, about getting to where we want to get, you know, etc., and also just make sure I understand. I understood at a high level when we talked about it last, a couple months ago, maybe two months ago now. I can look at more detail.
E
I'm happy, Wayne, knowing that in, in all, all the, all the details, not as important. I want to get a feel for kind of a, you know, one medium distance from it, where you, where you, where you folks are in the details all the time. So I'll review this, and I think, if you could make it so that the things that are active are showing as, you know, active now, and the things that we haven't started.
E
Maybe they don't show exactly when you're thinking they will start, but they don't show now, that, that would help. I don't quite follow the last part. So like, if you go to the roadmap tab, Thiago, please. So it shows everything in flight.
E
Well, everything except for the last item in flight. Oh gotcha, yeah, yeah. So if you could like change this, well, change the start date of things that are not in flight yet to some time out in the future, then, because I'll look at those things first, I want to understand what's in flight, what's next and what's after, kind of in that order, that'd be very helpful.
D
I can certainly do that. Okay, I'll say, with the big caveat of, as we've gotten further in the user research, a lot of this is sort of moving around. This was more like a collection best guess at the time, as opposed to, say, a well-researched, sequenced plan, which is why I didn't put too much stock on the dates, but we're getting to the point where.
E
A
Cool, I'm, Matt, I'll, I'll let you drag this thing back to his place, I'm not afraid of dropping it in the wrong spot and, and messing it all up. Lindsay and I were talking about this yesterday, Wayne, it's very apropos, we, we, we were having the same question. The, not everybody loves the, the priority issue. I found it super useful, but yeah, it's a bit of a hack and it's not for everyone, so work with Matt.
D
What about a mid-range solution, though? I think what I feel like I'm missing too is, what we're working on in the current iteration, pretty straightforward, and then you can kind of look out to what's, what's gotten pushed to the next iteration, and then, if you look from a really high level, it's easy to see. This is like a big collection of stuff.
B
B
If we could, we could use this as a source of truth, with at least some confidence that the relative priorities are set. You know, you can't expand these and see what milestone things are in. We could decide to start making use of the health tracker, right, the on status, at risk, and done. I mean, I'm sure the road map is also as useful, but I would love to use our product, I guess, is what I'm saying.
A
D
I can certainly do that, then make sure that what is in that view, and I'll always refer people back to it, so I've kind of got everything laid out for the bible and then the complete plan inside of there. You're going to see things changing around, but it's, I'd say over the last month it's stabilized a lot more. It's more like individual issues and smaller feature requests and tweaks, as opposed to like big chunks of work.
E
Right, so by, yep, so I've been using our standalone vulnerability features as, for a set of open source projects I've been looking at, and it worked pretty well. So I was kind of testing the set, the security, the rest of the Secure team's features of scanning code for vulnerabilities and for secrets, and things like that, and then looking at the vulnerabilities and the license, sorry, another license, the package dependency stuff, and that's actually how I noticed yesterday that, that bug that got introduced, as I was seeing no vulnerabilities.
E
It was because of the bug, actually, not because there were no vulnerabilities, that the bug that since been fixed. It's been actually a pretty cool experience. Things work pretty well, so I just want to pass that on to the team. I do have some, I'm, I'm still thinking about some, some feedback on some potential improvements. I wouldn't say they're bugs, just more, I've kind of saw it this way, and I have this idea.
E
You know, on this kind of thing. So, but overall worked out, and Alexander, I told you something earlier that actually is not true, the dependency stuff. I was wrong about that. It does show up as vulnerability, so the package dependency shows up as a separate list. They also show up as vulnerabilities. I was seeing no vulnerabilities because of the vulnerability bug, not because they weren't showing up, so, so.
E
I've been using both sides, both the vulnerability dashboards, the individual vulnerabilities, creating an issue out of something, and then I know we're not working on the, the package dependency list that has vulnerabilities, that functionality, yeah, but I used that as well and so far so good. So it's fun to pass that on. I'm trying to, I'm playing, I'm trying to dogfood it myself as well, and it's neat stuff. Job well done.
C
E
Okay, the dependency list gives you things also that it found that are not, that don't have any security issues it gives you, which is useful too, like what packages are using, whether they have vulnerability issues or not. It also actually gives you the license, like which open source license, which is very useful to some, some, some companies, like they want to make sure they're only using certain types of licenses and not other types. So anyway, oh what.
C
Oh, I just added the vendor to the scanner column in both the pipeline security tab, as well as the project security dashboard. So now, if it's from GitLab, like the DAST or SAST scanner, then says GitLab underneath it. If there's a custom scanner, it will say whatever they have configured in their custom scanner YAML file or whatever.
D
Can we hop back up? Alexander, looks like you had started typing a question around the user research. I'd love to hear more about that. That's a great question and a great point. I know we did the sort of strategy review session a couple months ago. It seems like, I want to make sure that I'm not over presenting information that's not useful, but at the same time I know that there are a lot of things that I may have access to, or sort of be involved with, the team doesn't always get to hear.
A
C
Did they say they wanted Threat Insights to be part of the Defend stage? You know, they, they did not. Sadly.