►
From YouTube: Education SIG (September 7, 2022)
Description
Meeting minutes: https://docs.google.com/document/d/1Lt8uGpiMFfgws8VF36xtTMaJAeHufha-7Dqz1tjrPGY/edit
A
C
D
A
A
All
right,
thank
you,
everyone
for
your
patience,
while
I
was
doing
a
little
bookkeeping.
I'll
get
the
agenda
set,
so
we
have
the
subgroup
calls
at
the
top
in
case
anyone
just
track
of
them.
I
just
haven't
had
the
opportunity
to
collect
everybody's
assorted
meeting
Docs
so
welcome
to
the
September
7th
call
of
the
education
Sig.
D
A
A
A
E
A
A
F
A
A
All
right
I
would
like
to.
Since
we
are
now
we've
moved
off
the
the
meat
of
the
work
to
the
sub
team.
Calls
I'd
like
to
spend
a
little
time,
Shoring
up
our
git
repo,
to
make
sure
we
have
a
mission
and
vision
that
reflects
what
we
would
like
to
achieve
and
I
would
like
to
fill
in
some
of
the
you
know
the
missing
parts,
for
example
the
governance
section
on
this
page
I'll,
take
care
of
now
that
PR
112
from
the
TAC
is
done.
I
will
new
time
stick
to
2
p.m.
A
E
A
D
B
A
A
So,
to
start
kind
of
the
Preamble,
this
education
Sig
is
a
group
working
with
the
best
practices
working
group
to
form
form
to
advance
and
deliver
upon
the
mobilization
plan
stream.
One
the
Sig
is
dedicated
to
providing
industry
standards,
secure
software
development,
training
materials
that
will
educate,
Learners
of
all
levels
and
backgrounds
on
how
to
create
compose,
deploy,
maintain
software
securely
using
best
practices
in
cyber
and
application
security.
B
I
think
it
is
certainly
factually
correct,
but
it
didn't
really
flow
well,
so
perhaps
at
some
point
certainly
not
now
it's
not
up
big
deal
and
I'm
not
going
to
be
able
to
Wordsmith
and
have
people
in
my
head
so
but
at
some
point,
I
think
some
wordsmithing
could
be
good
to
make
it
even
easier
for
people
to
digest.
What's
going
on
just
take
it
down
a
level.
Perhaps.
A
A
The
motivation
was
borrowed
straight
from
the
mobilization
plan.
So
are
we
okay,
echoing
that,
right
now
it
says
historically
little
tension
is
paid
in
traditional
software
engineering
coursework.
That
highlights
and
teaches
the
importance
of
good
cyber
security
hygiene
and
secure
coding
techniques.
A
E
Well,
maybe
there's
also
ties
a
bit
the
first
part,
but
you
know
there
are
of
course
materials
out
there
right.
They
can
name
a
couple
of
vendors
who
will
direct
you
an
arm
and
elect
for
access
to
materials,
but
yeah.
So
isn't
it
also
the
motivation
to
make
it
fully
available?
I
mean
it
should
make
sense
your
openness,
if
there
but
yeah.
Maybe
you
should
reflect
it
as
well
in
the
motivation
and
then
the
in
the
first
part
that
it's
without
any
pain
in
the
walls
or
whatever
you
hear
your
free
knowledge
right.
D
B
B
C
E
Just
a
question:
so
why
low
cost?
Because
you
consider
the
examination
or
certification
also
as
a
cost
factor?
Maybe
we
should
then
split
it
up,
because
the
material
and
the
training
is
actually
free
right,
but
yeah
the
certification
people
have
to
look
at
it
really.
You
know
review
assessments
Maybe,
so
it
is
I,
think
more
understandable
that
that
is
I
would
say
below
cost.
For
so
sorry,
for
that
Eric.
D
Yeah
so
on
the
no
cost
I
think
it
kind
of
depends
on
who
the
Learners
are
right.
So
from
this
perspective,
we've
talked
a
lot
about.
You
know,
underrepresented
groups,
we've
talked
about,
you
know
the
potential
of
taking
it
as
low
as
like
high
school
level
versus
college
versus
other.
You
know,
and
some
of
the
underrepresented
groups
or
areas
where
budgets
maybe
be
less
like
groups
like
girls
of
code
and
things
like
that
may
not
have
budgets.
You
know
where
they
can
afford
this.
D
So
is
it
a
conversation
around
the
snow
costs
based
on
need,
and
we
also
talked
about
you
know
that
somebody's
paying
for
it
like
grants
and
other
things,
but
you
know
how
do
you
differentiate?
That?
Is
there
a
scenario
where
it's
you
know
so
many
of
the
certifications
in
a
given
period
of
time
for
some
of
these
groups
that
you
know
really
are
underrepresented
or
have
lower
budgets,
or
you
know
purely
from
learning
perspective
versus
established
professionals.
A
B
B
D
D
B
With
the
word
free
in
the
English
language
and
it's
relationship
to
the
free
and
open
source
movement
that
goes
back
decades
and
decades,
and
it's
not
something
we're
going
to
litigate
and
fix
today,
but
it
is
something
that
is
also
well
known
and
well
understood
and
so
I
do
think
it's
something
we
should
consider,
keeping
in
there
openly
and
freely
and
I
like
the
idea
of
including
accessibility.
But
you
say,
accessibility
to
me
and
I'm
thinking
it's
available
for
people
who
have
a
different
mental
and
physical
abilities
and
others.
B
D
B
C
Yeah
two
different
things:
if
you
first
freely
I
mean
you
can,
if
what
you
mean
is
no
clue,
there's
no
cost.
You
want
to
just
say
no
cost.
If
you
mean
by
openly
as
in
open
data,
you
can
say
that
you
can
say
both
of
those
I
think
you've,
probably
in
both
of
those
accessible
versus
accessibility,
probably
need
another
word
because
yeah
when
I,
when
somebody
says
accessibility,
I
assume
we
are
talking
about
blind
deaf
Etc,
now
I
actually
do
think
we
should
strive
to
make
our
resources
accessible.
C
In
that
sense,
there
is
a
danger
that,
for
example,
you
know:
hey
I,
make
a
video
wait
a
minute.
Now,
not
everybody
can
see.
Well,
yes,
on
the
other
hand,
saying
I
can't
make
videos
is
not
helpful
for
the
vast
number
of
people
who
have
vision
so
I
think
it's
more.
There
are
more
cut.
We
probably
need
to
say
something
more
complicated
than
everything
must
be
completely
maximally
yeah
available
would
be
good,
or
at
least
a
start,
but
I
think
that's
probably
under
objectives.
By
the
way.
C
B
Oh
it's
down,
I
think
that
a
lot
of
these
are
details
that
should
be
discussed
and
should
be
covered
in
this
document
somewhere,
but
mentioning
them
here
in
the
objective
and
then
clarifying
them
further
down
and
or
more
probably
better
linking
to
clarifications
in
additional
documents.
Once
we
have
them,
I
think
that's
going
to
be
the
way
to
go,
because
otherwise
we
could
be
iterating
on
this
line
all
morning,
and
it's
not
that
I,
don't
love
seeing
you
or
it's
just
that
I
have
to
drop
early
for
another
call.
D
A
C
A
C
B
F
C
F
B
C
We
probably
ought
to
a
link
to
a
definition.
What
is
the
usual
legislative
Expedition
here,
Disability
Rights
I
want
you
when
we
go
on
ahead,
I'm,
going
to
do
a
little
Google
search
and
see
if
I
can
tweak
that
because
I?
If
that's,
if
it
looks
the
same
to
somebody,
that's
probably
look
the
same
to
somebody
else
and
I,
don't
think
they're
they're
supposed
to
be
the
same.
A
A
A
F
E
Yeah
I
I
was
indeed
you
know
if
I
would
come
on
a
reading.
Page
I
want
to
know.
Okay
is
this
applicable
for
me.
So
maybe
it's
about
the
materials
and
the
scope
of
the
content
that
we
actually
covering
and
if
that's
in
your
interest,
then
you
can
see
okay,
it
doesn't
have
something
for
my
type
of
learner
right
and
then
you
can
deep
dive,
but
I
think
here
it's
just
first
like
hey.
This
is
what
we
offer
actually
in
terms
of
content
and
stuff.
We
cover
mm-hmm.
E
E
That
is
that
final
is
the
more
thoughts
behind
it
because
we
also
just
mentioned
hey:
it's
not
only
about
your
Coatings,
it's
about
secure
software
development
right.
So
it's
a
the
whole
process,
so
yeah,
sorry,
disabled,
I'm,
challenging
a
bit
here,
maybe
so
yeah
I'm,
not
sure
that
was
the
idea.
I'm.
Sorry
for
that,
but
maybe
who
has
a
good
view
on
it
to
maybe
summarize
a
little
short
for
me.
A
C
Yeah
I
want
to
push
back
on
that
first.
One
I'll
note
that,
for
example,
the
existing
course
I'm
pretty
sure
we
use
vulnerabilities
of
closer
software
as
some
examples
things
like
you
know,
the
solarwinds
builds
subversion,
at
least
as
examples
I
think
they're
absolutely
Fair,
because
we
should
learn
from
everything
we
can
and
what's
more,
a
lot
of
the
stuff
that
we're
teaching
I,
don't
I'm,
expecting
it
to
work
regardless
of
whether
it's
open
source
or
proprietary
or
closed
Source
I
mean
it's.
C
B
B
D
C
E
Well,
for
me,
I
mean
they're,
all
like
I
would
say
correct
statements,
but
it's
a
bit
for
me.
Yeah
I
could
also
say
here:
I,
don't
know
what
we're
not
going
to
do
is
teach
people
how
to
cook
I
mean
it's
really
in
correlation
of
what
is
in
spoke
that
might
arise.
Some
doubt
that
oh,
but
do
you
do
this,
or
do
you
do
that?
No,
that
is
out
of
stock
and
I.
Think
well,
when
we're
talking
about
education,
training,
yeah,
reporting
of
unknown
Street,
returnability
and
open
source
projects.
E
For
me,
and
at
least
for
me,
it's
already
pretty
clear
if
your
focus
area
is
security,
training
and
education
right,
so
I
find
it
very
hard
to
to
fill
in
here,
yeah
good,
good
statements
that
are
out
of
scope
that
relate
to
what
is
in
school.
So
that's!
My
first
question
was:
what
is
the
in-scope
thing.
C
E
Because,
for
example,
everyone
was
thinking
about
scope,
okay,
so
well,
most
of
the
things
nowadays
are
being
built
in
api's
rectification.
Those
are
the
the
phone
things
right
that,
of
course,
you
can
also
talk
about
desktop
applications.
Mobile
applications,
Mainframe
I
mean
so
there
I
would
say:
hey
that's
a
good
scope.
What
is
in
scope?
What
not
and
then
we
can
say
well
we're
not
going
to
teach
you
how
to
write
secure
code
or
software
development
in
global
and
IBM,
or
maybe
we
do
but
I
mean
that
is
a
bit
for
me.
E
A
The
we've
never
explicitly
talked
about
any
of
these
topics,
which
is
why
I
want
to
focus
now
that
we're
have
work
streams
to
focus
on
the
plan
to
get
the
plan.
Moving.
I
would
like
to
talk
about
the
administrivia
of
this,
so
I
would
like
this
webpage
to
be
open
and
inviting
for
new
participants
or
people
that
want
to
learn
about
our
efforts.
So
this
is
all
excellent
debate
and
comments.
A
A
E
E
Correct
so
I
think
we
should
make
at
least
a
small
Surplus
under
it,
I
would
say
defining
which
areas
we
do
cover
trading
and
education
for
secure
software,
development
and
I
think
well
web
application
development.
That
is
what
lives
on
the
edge
most
risk,
so
I
think,
because
we
can't
cover
it
all
again.
I
guess
right.
B
A
E
But
that's
okay
right
I
mean
the
first
iteration
is
I
would
say
what
what
adds
the
most
value
and
what
is
most
at
risk.
Yeah
I
was
take
that
approach
and
indeed
like
iot,
could
be
a
good
one,
but
it's
very
specialized
very
Niche
and
not
many
developers,
I,
would
say
building
these
type
of
insecure
things
similar.
You
could
say
for
desktop
applications
or
mobile,
but
again
it's
very
Niche.
E
There
are
not
that
many,
so
as
an
NCP
to
start
and
launch
this
whole
initiative,
I
mean
in
the
future,
with
somewhere
with
zombie,
I
really
need
iot
as
well.
So
we
start
up
a
new
stream.
We
have
a
sort
of
platform
right
where
you
can
put
all
the
materials
in
and
we
can
attending
to
it.
But
you
know
in
the
end.
We
also
need
to
create
like
labs
and
Hands-On
things
so
yeah.
B
Yeah
and
I
agree
with
everything
you
said
ever
every
single
word
of
it
I
just
don't
believe
it
molecular
scope
statement,
perhaps
instead
a
to
see
our
current
priorities
in
roadmap
visit.
This
link
here
sort
of
thing,
because
that
is
something
that
can
evolve
as
time
goes
on,
whereas
our
scope
should
remain
relatively
static
and
so
I
do
think
it's
something
that
we
should
absolutely
Define
everything
you
said
huge
plus
one,
but
we
can
Define
it
in
a
different
document
or
a
different
part
of
this
document.
B
D
Oh,
it's
me
I
promise,
I
won't
bring
down
a
rabbit
hole.
I
was
just
wondering
to
keep
a
more
high
level
like
around
scl
training,
and
just
those
topics
include
I
mean
all
of
that
was
mentioned,
because
once
you
start
mentioning
one
you're
going
to
miss
one
thing,
STL
I,
would
presume
covers
everything
else
very
much.
A
A
C
F
The
danger
of
making
a
list
here
so
I'm
just
going
to
speak
up
since
it
relates
to
this.
The
danger
of
making
a
list
here
is
because,
if
someone's
gonna
get
left
out-
and
if
you
want
you
want
to
be
specific
with
your
scope,
you
also
want
to
make
sure
it's
high
level
enough
to
cover
what
work
you're
planning
on
doing.
F
My
suggestion
would
be
to
remove
the
bolded
list,
leave
the
statement
that
we've
got
there
and
then
reference
the
individual
section
plans,
because
that's
where
we're
going
into
more
detail
as
to
exactly
what
it
is
each
of
those
goals
is,
is
going
to
do.
That's
where
you
can
specify
more
specific
things
for
whatever
going
on
and
then
as
goals
are
created
moving
forward
when
we
expand
goals
or
create
new
goals,
we're
still
covered,
we
don't
have
to
change
the
scope
statement.
A
C
Yeah
I
I,
I
I
would
be
disappointed
if
we
don't
include
relatively
soon
at
least
something
about
supply
chain.
You
know,
basically,
you
know
protecting
your
builds.
Reproducible
builds
distribution,
things
involving
package
distribution.
Now
you
know
at
least
at
least
the
dev
and
the
blur
between
Dev
and
Ops.
Now
you
know
there's
a
lot
of
other
folks
who
already
cover
operational
cyber
security.
I.
Don't
think
we
need
to
cover
that
so
much,
but
there
is
an
overlap.
Yes,.
A
A
E
A
D
E
A
It's
in
the
plan
where
we're
talking
about
you
took
the
training.
You
passed
the
test.
You
got
a
certification
where
we're
going
to
you
know,
work
with
LinkedIn
or
indeed
or
whomever,
to
get
that
thing
highlighted
showcased
on
your
profile
and
then
try
to
point
hiring
companies
towards
those
people
that
are
trained
great.
E
A
E
D
A
Of
the
project
and
what
we're
going
to
be
committing
to
I
think
we
want
to
be
as
descriptive
as
we
can,
but
as
Dave
Rousseau
mentioned,
we
want
to
have
flexibility
that
we
can
pivot
or
add
new
work
that
directionally
Falls
within
this.
So
I
we're
not
going
to
list
out.
You
know:
here's
the
27
things
we're
doing
we're
gonna
point.
There
will
be
some
disclaimer
at
the
end.
A
That
says
we're
going
to
point
to
the
the
plan
that
we're
proposing
that
you
know
the
plan
speaks
to
the
items
we
will
be
delivering,
but
the
I
think
the
scope
needs
to
be
a
little
up
level
talk
stock
kind
of
thematically.
These
are
the
areas
we're
doing
our
work
on
and
how
potentially
people
could
participate
or
contribute
to.
A
A
A
A
B
A
A
E
A
D
A
All
right,
I
think
we
made
some
good
progress
and
had
some
good
conversations
today,
important
things
we
need
to
get
hashed
out.
So
I
will
ask
in
everybody's
spare
time
to
please
review
the
readme
either,
send
your
ideas
to
the
list
submit
a
PR
or
prepare
them
for
our
next
call,
and
that
way
we
can
kind
of
get.
This
thing
polished
off
and
I'm
going
to
add
now
that
I'm
editing
I'm
going
to
add
in
a
bunch
of
people's
GitHub
IDs.