►
From YouTube: Alpha Omega Project Public Meeting (February 8, 2023)
Description
A
C
D
D
C
All
right
well
welcome
everyone
to
the
February,
8th,
Alpha
Omega
public
meeting,
as
you
can
tell
my
voice
is
a
little
bit
hoarse
today,
but
we're
going
to
get
through
it.
So
as
as
usual
q,
a
there's
lots
of
questions,
I
think
like
force.
Two-Thirds
of
the
folks
on
the
call
are
directly
on
the
project.
So
if,
if
you
run
out
of
questions,
we
can
give
everybody
time
back.
If
not,
we
can
just
chat.
C
D
C
Position
that
he
was
on
Alpha
Omega,
so
Bob
Calloway
who's
been
well
Bob
and
Brian
are
both
from
Google
they've.
Both
been
it's
just.
You
know
involved
in
open
ssf
for
a
long
time.
Bob
is
the
like
appointed
single,
like
personal
contact
for
Google,
for
Alpha
Omega,
going
forward
Brian's
supporting
him,
so
I
feel
good
about
this.
I
don't
feel
like
it.
It
doesn't
change
the
mission,
it
doesn't
change
the
focus.
C
We
are
looking
at
a
couple
more
for
if
I
were
to
guess,
I
would
say
possibly
by
the
end
of
March.
We'd
have
something
to
announce
similar
similar
in
these,
but
we
don't
want
to.
You
know,
talk
about
them
until
we're
we're
further
along
in
the
process,
but
that
does
actually
raise
an
interesting
point
on
like
are
we
like?
Do
we
have
the
right
funnel
to
consider
the
right
consider
the
right
projects
so
right
now?
It's
a
combination
of
us
reaching
out
to
projects
and
projects
reaching
out
to
us.
E
Yeah
I'm
sorry
I
can't
answer
that
question.
Even
though
I
I
can
kind
of
confirm
that
this
is
a
very
interesting
one.
I
was
just
wondering,
like
you,
have
these
engagements
they're,
basically
on
on
Foundation
level,
so
I
think
all
of
them
have
potentially
tons
of
different
projects
underneath
so
I
don't
know
if
that
is
part
of
the
the
updates
that
you
host
on
GitHub.
C
So
so
the
reason
so
so
Eclipse
you
know
they're
at
the
beginning,
you
know
they're
all
slightly
well,
they're
all
very
different
from
one
another
part
of
the
reason
for
like,
for
instance,
for
jQuery,
one
of
the
reasons
for
jQuery
like
Beyond,
like
it
on
the
surface
being
a
critical
project,
and
all
that
was
because
it
was
different
than
the
others.
All
the
others
were
Foundation
supported,
I
mean
notice,
probably
in
a
similar
category
as
jQuery,
but
like
Eclipse.
C
We
were
kind
of
informed
by
that
the
list
that
they
have
of
the
top
hundred
most
of
I,
don't
say
most
that
if,
if
you
look
at
that
list
and
look
at
the
list
that
we've,
you
know
the
list
here
on
the
screen,
there's
a
big
overlap.
So
they
kind
of
make
sense
like
we
aren't.
You
know,
I,
don't
I
hope
we're
not
choosing
projects
that
don't
matter,
but
there's
a
huge
list
of
projects
that
really
do
matter.
C
C
We
want
it
to
be
I,
don't
know
50
or
25
or
some
number
more
than
five,
but
in
order
to
scale
that-
and
this
comes
comes
down
to
like
the
the
strategy
that
we
have,
which
is
help
help
these
foundations
build
capacity
themselves
on
an
ongoing
like
budgetary
base.
So
we
had
an
off
site
last
week
and
we
were
chatting
about.
You
know
some
of
the
ways
that
we
could
do
this
and
we
talked
about
like.
C
Could
we
do
matching
funds
so,
instead
of
giving
you
know
the
full
amount,
we
say
we
will
give
75
of
whatever
you
get
elsewhere
up
to
some.
You
know
capped
amount
or
something
just
to
kind
of
put
start,
putting
a
gentle
pressure
on
these
foundations
to
diversify
their
inbound
fundraising
for
security,
because
at
the
end
of
I,
don't
know
2025.
If
we
have
25
critical
projects
that
every
year
their
security
depends
on
us,
writing
them
a
check.
I
think
we've
failed
the
ecosystem,
so
I
I.
B
Don't
mind
I
probably,
should
rephrase
that
question
okay,
yeah,
I
I
agree
with
that
with
everything
you
said,
I
I
think
also
in
in
at
least
some
of
the
discussions
that
we've
already
had.
That
has
been
interesting.
Yes,
do
find
and
fix
specific
vulnerabilities
that
that's
important,
that's
a
good
thing,
but
also
you
know
trying
to
help.
You
know
make
changes
to
that
their
own
processes
automatically
detect.
You
know
it
basically
help
them
make
changes
so
that
future
similar
problems
can't
ever
happen
in
the
first
place.
B
I
I
love
what
the
what
the
airline
industry
does,
where
every
time
there's
not
just
an
accident,
but
something
that
is
a
that
that
could
have
if
other
things
had
gone
wrong,
become
an
accident
step
back
and
ask
what
happened.
Why
and
we're
not
here
to
beat
up
people
we're
here
to
figure
out
how
we
can
change
things
to
make
that
even
less
likely
in
the
future
and
if
we
just
if
we
all
as
a
larger
Community,
do
that
these
these
problems
are
just
going
to
slowly
be
squished
out.
C
Yep
I
absolutely
agree,
I
mean
I,
think
the
problem
that
a
lot
of
these
foundations
or
larger
projects
have
in
general,
not
just
the
foundations,
is
you
know
they,
and
this
is
true
for
organ
for
commercial
companies
too.
They
tend
to
be
in
kind
of
jumping
from
crisis
to
crisis.
So
a
a
big
vulnerability
happens.
It's
scramble
like
the
first
order.
C
Businesses
get
the
thing
fixed
that
that,
like
longer
root
cause
analysis,
let's
steer
the
ship
in
a
slightly
different
direction
so
that
so
obviously,
since
in
the
future,
it's
there's
that
it's
the
I
don't
know.
Cobbler's
son
is
the
right
right
there
and
that,
but
it's,
but
it's
like
it.
That
is
always
second
tier
to
either.
You
know
Feature
work
like
actually
doing
the
thing
that
you're
in
business
to
do-
or
you
know,
responding
to
crises
and
I.
C
So
so,
in
addition
to
just
kind
of
making
security
releases
and
Bug
Sexes
and
and
vulnerability
detection
and
installing
code
scanners,
it's
like
the
the
look
at
it
holistically
and
and
improve
things
over
time
and
I.
Think
eclipse
is
the
one
that
comes
to
mind
in
particular
that
you
know
with
a
lot
of
what
they've
done
with
you
know,
running
scorecard
looking
for
I
think
they've
already
started
on
salsa.
C
C
F
F
C
We
absolutely
need
to
do
that
if
animals
on
the
call
I
would
I
would
ask
her
to
like
make
sure
that's
highlighted
on
the
Trello
board,
I
mean
because
so
so
some
of
the
tools
are,
let's
see
so
so
the
the
analyzer
is
definitely
usable
to
the
point
that
a
video
demo
and
some
better
better
docs
on
how
to
use
it
would
be
helpful.
We
should
absolutely
do
that.
We
should
do
that
like
really
soon
actually.
D
F
F
C
E
F
B
B
You
know,
I'm
always
big
on.
You
know
a
small
cost,
big
benefit
stuff.
So
a
short
video
showing
you
know
something
you
decide
to
do.
It
can
be
a
big
win.
I'll.
Add
that
you
know
if
you're
an
existing
security
researcher,
a
number
of
security
researchers
already
have
some
tools
that
they're
comfortable
with
awesome.
If
that's
helpful
and
those
kinds
of
videos
to
help
them
understand
and
use,
new
tools
is
really
really
helpful.
Also.
B
B
But
let
me,
let
me
just
add
a
quick
plug
in
addition,
though,
for
many
many
software
developers,
they
really
don't
know
they
struggled
to
use
some
of
these
tools,
not
because
the
tools
are
necessarily
hard,
but
they
can't
they
don't
really
understand
what
the
tools
are
trying
to
accomplish.
They
don't
really
understand
what
vulnerabilities
are
in
general
and
so
for
in
a
lot
of
cases.
What
they
need
is
not
just
here's
how
to
use
a
tool.
B
You
know
mechanically
or
here's
some
tricks,
how
to
use
the
tool,
but
more
broadly
education
on
you
know:
hey
what
is
security?
What
are
common
kinds
of
problems
and
those
sorts
of
things
and
I
hear
that
there
are
courses
from
the
the
the
open,
ssf,
secure
development
project.
I
hear
about
this
thing
called
SKF
Randall.
You
may
also
have
heard
of
it.
B
So
I
I
laugh
for
those
who
don't
know.
I
I
led
development
of
the
of
the
open,
ssf
and
Randall
leads
on
the
it's
at
least
a
part
of
SKF
project,
and
we
work
together
so
so
I'm
just
pointing
out
that
in
many
many
cases
it's
not
just
education,
the
tools,
it's
you
know
the
basics
of
security,
and
we
can
point
off,
thankfully,
to
existing
materials.
D
F
F
Don't
know
if
you
guys
know
project
Discoverer
Jonathan
probably
knows
who
they
are
but
but
stuff
like
that,
so
we're
kind
of
turning
in
and
then
we
have
obviously
we're
working
on
our
own
Kali
Linux,
which
is
the
hack
OS,
which
we
think
is
going
to
be
a
major
marketing
tool,
so
yeah,
so
we're
working
on
a
lot
of
really
cool
things.
That
is
not
just
the
platform.
If
you
will.
C
F
D
B
F
So
we're
we're
going
through
all
that
and
yeah
and
then,
as
I
said
there's,
so
a
lot
of
the
secret
meeting
has
to
do
with
OAS
and
basically
there
are
things
happening
at
oauth
that
yeah,
where,
where
that
tooling
side
of
things
might
get
real
a
lot
more
interesting.
Real
fast
is
all
I'm,
saying,
I'll,
say
more
in
the
secret
meeting,
but
I
thought
that
being
Alpha
and
Omega
you
guys
would
be
interested
because
part
of
this
is
so
I
I.