►
From YouTube: Education SIG (September 21, 2022)
Description
Meeting minutes: https://docs.google.com/document/d/1Lt8uGpiMFfgws8VF36xtTMaJAeHufha-7Dqz1tjrPGY/edit
A
B
A
A
A
Oh
David
you'll
help
me.
Oh
thanks,
Dave
for
yourself
you're
the
bee's
knees
all
right.
If
you
have
any
opens,
please
drop
them
into
the
opens
section
as
a
note
to
everybody.
The
next
time
we
have
a
full
Sig
calls,
which
will
be
two
weeks
from
now.
We
will
have.
The
section
leads:
do
like
a
two
minute
update
as
to
any
progress
they've
made
and
their
sub
sections
I
will
open
the
floor
now.
I
see
we
have
some
notes.
C
So
we
did
not
have
a
meeting
last
week
because
of
the
conference
up
day,
so
we
are
actually
a
meeting
behind
the
information
from
our
first
meeting,
which
was
September
1st
if
I'm
not
mistaken,
is
down
below.
Under
the
team
updates,
we
reviewed
the
pieces
of
the
plan
that
were
assigned
to
the
curate
content
subgroup.
Some
things
got
moved
around.
We
verified
that
everything
listed
that
remains
is
indeed
in
our
scope
and
next
meeting.
We
plan
on
starting
to
dig
down
and
putting
some
tasks
to
those
goals
and
assigning
those
tasks.
C
D
Yeah,
so
we
had
the
two
meetings
already
the
first
one
is
indeed
well
validating
the
new
scope
items
we
got
from
Dave
and
his
working
group,
and
we
all
agree
that
they
should
post
her
home
at
at
our
place.
So
that's
good,
then
what
we
also
discussed
was
basically,
we
had
already
an
action
point
for
the
stack,
Overflow
yeah
goal,
where
we
wanted
to
actually
educate
and
improve
code
Snippets
that
we
have
on
the
internet.
D
For
that
we
talked
also
when
we
are
meeting
with
together
with
Randall
and
Xavier
and
to
see
if
both
will
be
a
solution
there.
So
far,
there
are
some
interesting
ideas
like
extending
the
bit
Bounty
program
from
both
Bill
point
of
view,
creating
some
Snippets,
maybe
or
even
building
a
sort
of
what
is
it
plugin
for
your
browser
that
puts
you
know,
identify
code,
Snippets
and
using
both
kill
to
then
say:
hey.
This
is
good
or
bad.
D
So
there's
some
work
in
the
pipeline
and
let
me
see
we
also
had
in
the
latest
discussion.
It
was
maybe
a
bit
short
steps,
one
because
of
the
weird
time
yeah
we
do.
We
put
our
seat
in
a
new
timer
slot
on
the
Thursday,
but
David
Randall
myself
was
there
I
think
also
one
of
the
ladies
were
there,
and
there
we
also
discussed
what
should
be
in
scope,
actually
so
what
type
of
languages,
but
also
what
are
technology
Stacks,
because
what
we
discussed
was
okay.
D
Well,
what
currently
is
most
burning
and
where
people
most
need
attention
in
is
a
web
API,
maybe
mobile,
but
there
was
also
this
strong
feeling
that,
for
example,
iot
could
also
be
included
in
future
scoping.
For
now,
we
think
there
would
be
maybe
a
year
two
goal,
but
yeah
at
least
two
first,
what
we
can
and
where
we
have
materials
for
them,
it's
quite
easy
to
to
have
a
good
MVP,
and
that
is
basically
web
API
and
the
probably
also
mobile
that
we
yeah.
A
All
right
for
those
interested
in
participating,
the
Glenn's
next
meeting
will
be
23
hours
from
now
so
8
A.M
Eastern
on
Thursday
and
then
I
think
our
other
groups
are
next
week.
The
meeting
times
are
all
further
up
in
the
agenda.
They're
also
I've
put
them
into
the
git
repository
so
each
plan.
Now,
if
you
go
to
each
of
the
plan
sections
at
the
top
of
the
the
document,
it
lists
the
meeting
day
and
time
gives
a
link
to
zoom
meetings
and
also
a
link
to
meeting
notes.
A
A
So
a
couple
points
of
interest
before
we
actually
get
into
some
work.
I
attended
the
open
source
Summit
Europe
in
Dublin
last
week.
It
was
a
really
great
experience,
hosted
open,
ssf
day
lots
of
interest
and
excitement
around
the
education
Sig.
We
actually
had
a
birds
of
a
feather
session
where
a
couple
of
us
got
together
were
talking
about
possibilities
for
this
group.
I
will
take
those
notes
and
type
them
up.
It's
been
a
crazy
week
catching
out
so
I'll
type.
A
How
could
we
write
a
class
or
a
learning
artifact
around
these
types
of
things,
so
we're
going
to
get
some
professional
help,
actual
Educators,
so
yay
that'll
be
so
Cassie
will
probably
join
us.
I'd
say
probably
in
a
month
or
so
I'll
invite
her
in
and
once
once
the
plan
is
baked
a
little
more
and
then,
as
a
another
note,
I
reached
out
to
a
professor
friend
of
mine
who
specializes
in
cyber
security
education.
A
A
It's
actually
one
of
the
few.
That's
teaching
cyber
education
today
and
I've
talked
with
him
about
looking
at
the
plan
and
he
gave
it
a
quick
look
liked
what
he
saw
initially
from
the
main
mobilization
plan,
and
he
has
committed
that
he
and
some
of
the
other
professors
within
his
group
are
going
to
collaborate,
maybe
provide
us
notes
and
there'll
be
another
nice
sounding
board
for
us
in
one
of
many
professional
academic
touch
points
that
we
can
reach
out
to,
and
then
we
just
need
to
think
about
how
we
want
to
approach.
A
You
know
career,
Changers
or
professionals.
Already
in
the
field
that
are
trying
to
upskill,
so
we
just
need
to
kind
of
think
about
these
different
types
of
contacts,
but
we're
starting
to
get
some
momentum.
We
will
have
some
actual
educational
perspectives
that
help
us
out
once
we
get
the
technical
bits
together,
any
questions
about
either
of
those
things:
oh
Jeff,
your
background's
in
technical
writing
and
education.
A
C
A
C
A
A
A
A
C
C
A
Going
to
be
a
little
of
both
because
we're
not
going
to
create
all
the
materials
so
as
like,
with
with
an
O
wasp,
there's
a
lot
of
really
good
educational
materials
that
already
exist.
So
we
would
find
a
way
to
Showcase
and
Route
people
that
way,
but
then
we
will
be
creating
new
materials
and,
as
Glenn
mentioned
around
mobile
and
API
security
as
kind
of
a
gap
with
our
summer
stuff.
A
All
right,
let
us
scroll
down
to
the
scope
work
which
you
can
clearly
see
is
in
progress.
I
need
to
find
a
little
yellow
and
black
guy
digging
the
hole
and
put
that
there
So.
Currently,
what
is
in
scope
we
will
be
in
scope,
is
training
and
education
around
secure
development
management,
deployment,
distribution
and
data
access
controls.
D
D
It
would
be
awesome
to
also
have
here
in
scope
that
we
help
them
and
their
project
as
well
to
further
improve
and
I
mean
otherwise
we
miss,
or
we
need
to
reinvent
the
wheel
again
or
put
it
somewhere
where
it
doesn't
belong
so
I
read,
it
would
also
do
a
collaboration
with
other
open
source
projects
to
improve
their
project
as
well,
based
on
the
feedback
or
the
gaps
that
we
identified.
From
our
point
of
view.
C
A
D
Well,
for
that
one,
we
actually
have
in
our
working
group
a
specific
item
to
to
improve,
but
mostly
there
what
we
will
do
is
we
have
done
proper
code
Snippets
that
are
good
and
we
identify
ideally
with
an
automated
way,
failures
in
forums
or
whatever,
like
stack
overflow,
which
we
then
can
link
to
in
a
platform
like
SPF
or
whatever,
saying
like
here
is
the
vulnerability.
This
is
what
is
wrong.
This
is
what
it
should
be
doing.
Hey
you
want
to
practice
this
in
real
scenario
or
easy.
D
This
and
see
exploits
what
hackers
do
with
it
whatever.
So
we
have
that
whole
package
of
data,
but
this
is
specifically
well
I,
don't
know-
take,
for
example,
the
the
work
of
David
wheeler,
it's
really
good
right,
but
yeah.
We
missed
some
categories
there,
so
I
would
like
to
also
you
know,
build
and
extend
and
improve
his
project.
Maybe
he
always
testing
guide
that
they
miss
certain
type
of
vulnerabilities
that
should
be
on
there,
right
and
and
so
on,
and
so
on.
D
So
I
rather
want
to
then
improve
the
project,
that's
very
mature
and
on
itself
already,
you
know
out
there
and
recognized
I
rather
want
to
improve
that
than
yeah
that
we
are
going
to
make
a
sort
of
Local.
Edition
student
work
attend
it,
and
you
know
that
that
sounds
like
really
bad
yeah
way
of
trying
to
fix
it.
So
I'd
rather
want
them
to
reach
out
to
do
this
project
say
Hey.
You
know,
here's
a
PR
use
a
Improvement
and
then
really
on
that
level
will
be
the
collaboration.
D
A
So
I
made
a
slight
adjustment
to
what
David
captured
so
potentially
we
can
add
in
improve
existing
security,
education
and
open
source
software
project
security
with
our
educational
materials.
Does
that
kind
of
help
meet
us
in
the
middle
there?
So
we're
addressing
like
what
Glenn
said
where
we're
providing
feedback
to
like
Wheeler's
project
and
other
projects
that
provide
security,
education,
we're
improving
documentation,
but
then
we're
also
focusing
in
on
software
projects
as
well.
Does
that
seem,
okay.
A
A
A
All
right,
if
there's
no
more
feedback
on
what's
in
scope,
let's
look
at
the
two
items
we
listed
as
out
of
scope.
We
said
explicitly
out
of
scope,
is
reporting
of
unknown
security,
vulnerabilities
and
open
source
projects
or
taking
action
to
remediate
those
vulnerabilities
and
helping
projects
or
individual
Enterprises
or
they're
mediating
their
own
security
exposures
from
other
open
source
projects,
security
vulnerabilities,
so
we're
not
in
the
vulnerability
management
incident
response
business
with
this
particular
effort.
Do
we
agree
with
that.
A
A
D
D
What
would
make
sense
is
giving
a
personal
feedback
to
trainees,
or
you
know,
people
who
use
the
platform,
the
Learners
in
explanation
of
the
certain
material
right.
Maybe
they
will
come
to
us
and
say:
hey
okay,
please
explain
this
vulnerability
ABC.
So
it's
not
something
like
that.
So,
but
that's
very
I
would
say
close
to
what
we're
trying
to
do.
A
D
Or
like
I'll
talk
Consultants,
which
they
can
ask,
questions
to
or
I,
don't
know
those
type
of
things
I
think.
Actually,
what
is
out
of
scope
now,
for
me
at
least,
is
already
pretty
clear
from
reading
what
is
the
installed?
They
were
not
doing
that
so
should
we
name
it
that
that
is
also
my
problem
here
a
bit.
So
what
is
out
of
scope?
Well
like
like
being
a
consultant
or
giving
one-on-one
feedback
on
the
training
material?
Explanation,
yeah,
that's
something
we
definitely
not.
D
Gonna
do
right,
maybe
rethink
based
on
all
the
materials
we
have
or
we
want
to.
But
that
is
definitely
a
no-go
I
say
out
of
scope,
helping
with
technical
issues
if
they
can
run
a
tool
or
follow
a
certain
path.
I
mean
yeah
again,
they
I
think
it's
a
bit
hard
to,
and
these
things
here
are
already
for
me
clear
that,
of
course,
that's
not
that's
out
of
scope.
So
should
we
name
it,
but
that's
a
bit
my
issue.
Okay,.
C
A
C
A
So,
potentially
because
we
do
have
other
groups
that
do
these
things,
we
could
incorporate
that
into
our
educational
materials.
If
you
have
questions
about
reporting
vulnerabilities
go
talk
to
this
group.
If
you
are
curious
about
end
user
consumption
of
Open
Source
and
how
to
deal
with
these
things,
go
talk
to
this
other
group,
so
we
potentially
could
build
that
into
our
materials.
B
Yeah
in
agreement
with
Glenn
as
well,
it
just
seems
like
there's
a
really
big
distance
between
what
we
are
stating
is
in
scope
and
then
going
way
over
there
for
what's
out
of
scope.
He
mentioned
a
bunch
of
things
that
I
was
going
to
mention.
The
one
thing
I'd
add
is:
maybe,
since
we're
mentioning
certified
incentivizing
hiring
of
certified
practitioners
and
providing
a
showcase
for
certifications,
maybe
pointing
out
that
out
of
scope,
I'm
assuming,
is
actually
certifying
or
doing
any
sort
of
certification
ourselves.
A
B
A
A
A
C
A
A
So
a
another
working
group
identified
a
problem
that
is
kind
of
spans,
the
whole
foundation,
and
they
felt
that
this
group
was
the
appropriate
place
to
manage
this
particular
problem
and
a
couple
weeks
back,
this
group
agreed
to
it.
So
I
would
like
to
talk
about
what
we
can
do
to
move
this
particular
issue
forward
and
we
started
a
a
glossary
file
and
it
is
full
of
a
lot
of
things,
but
not
a
lot
of
definitions.
B
I
mean
if
you're,
just
looking
for
practical
steps,
I
mean
maybe
this
this
has
been
talked
about
before,
but
just
in
case
it
hasn't.
If
we've
got
a
file
without
definitions,
maybe
we
can
just
start
copying
in
in
different,
say:
let's
say
a
sheet.
You
know
spreadsheet
different
columns,
different
definitions
from
say,
ISO
or
Library
of
Congress
definitions
and
I've
seen
the
issue
there's
a
couple
linking
out
to
existing
info.
A
D
Well,
we
definitely
I
think
need
to
efforts
I'm,
just
thinking
out
like
we
also
try
to
overcome
the
same
issue
that
we
have
in
SPF
with
all
the
your
home.
We
basically
create,
like
these
knowledge
base
items
with
well
the
weird
abbreviation
the
the
your
home
and
then
the
explanation
below
also
I'm,
just
thinking.
D
If
we
have
this
list
and
it's
all
set
with
markdown
files,
for
example,
then
we
can
also
reuse
a
part
of
SKF
where
you
have
a
chatbot,
where
you
can
just
ask
hey
what
is
this
and
then
it
will
say
you
can
deploy
the
thing
in
select
I,
don't
know
like
60
different
chat
channels,
Microsoft
teams,
whatever
it
all,
will
work
there,
but
it's
just
about
the
content.
Now
that
is
the
bottleneck,
the
technical
part
actually,
and
how
to
get
it
to
the
people
on
easily
consumable
yeah.
A
C
I
actually
kind
of
have
a
comment
because
I
wouldn't
do
it
justice,
but
I
know
that
David
has
a
lot
of
information
and
a
lot
of
thoughts
about,
because
he's
talked
to
me
about
like
how,
because
I'm,
as
I
said,
I'm
helping
with
SKF.
So
we
had
a
meeting
and
yeah
like
he
has
some
thoughts
about
how
we
should
move
forward.
D
Indeed,
definitely
probably
will
revisit
this,
but
just
to
give
you
an
idea
so
also
what
we
did
is
for
web-based
type
of
your
home.
We
use
the
this
markdown
4
mod.
We
also
took
from
the
cwe
content
very
nice
and
they're,
like
already
400,
plus
I,
think
knowledge
base
items
in
there
about
SQL
injection
and
stride
and
I.
Don't
know
all
these
type
of
things
but
yeah.
We
could
extend
this
easily
because
these
are
all
vulnerabilities
right
in
web
API
and
application
development.
A
A
So
back
to
my
question,
I
was
about
to
pose
the
group.
Do
we
have
anyone
that
has
the
interest
and
availability
to
start
compiling
some
of
these
definitions,
and
then
we
can
figure
out
the
implementation
in
a
future
meeting?
Does
anyone
have
time
to
focus
to
start
to
collect
some
of
these
or
existing
materials?
Like
Glenn
mentioned,
he
has
a
bunch
of
stuff
and
Wheeler
has
some
stuff
and
I.
A
C
If
I
may
like
just
to
give
a
short
summary
of
what
what
David
said,
this
might
not
be
the
whole
scope,
but
we
did
talk
about
how
SKF
like
we
talked
about
as
KF
being
D
platform.
Basically
because
SKF
the
ideology
is
to
like
give
people
like
a
progression,
so
you
could
learn
like
in
a
progressive
way
and
that's
the
idea
of
SKF.
C
Now
the
idea
of
it
being
like
the
the
platform
is
difficult
and
probably
not
likely,
because
there
are
different
expectations
and
different
ways
that
the
learning
needs
to
be
packaged
to
meet
different
goals,
but
basically
he
said
kind
of
in
an
Ideal
World.
Maybe
we
could
do
like
two
platforms
that
are
interlinked.
C
I
also
want
to
mention.
A
big
thing
of
SKF
is
to
leverage
a
lot
of
the
stuff
that
already
exists.
So
yeah,
and
another
thing
I
want
to
mention
that
David
mentioned.
Is
that
so
you
can
get
David's
course
from
edx
or
you
can
get
it
from
his
website
or
you
could
get
it
from
SKF,
however,
or
GitHub
correct.
However,
he
mentioned
that
most
people
gravitate
to
edx
and
it's
all
the
same
information.
So
he's
like
what
he
suspects
it's
because
of
the
platform
and
The
Learning
Experience.
C
A
I
think
down
the
road
again
now
now
that
we've
got
some
contacts
within
the
LF
education
group,
I
think
that
can
definitely
help
us
when
we
get
to
that
delivery
aspect.
When
we're
ready
to
start
thinking
about
the
channels,
we
want
to
push
these
materials
out
to
yep
and
I
I
believe
any
new
materials
we
make
if
it's
an
actual
traditional
class,
we'll
probably
also
do
follow
the
existing
model
of
the
edx,
LF
training
and
then
scorm
connect.
So
we
would
probably
produce
it
at
least
through
those
three
channels
for
a
more
traditional
class.
C
Right
right-
and
just
so,
you
know
also-
and
people
in
this
group
know
so
kind
of
Leverage
my
Astro
connections
and
got
like
a
group
of
about
eight
developers
interested
in
security
that
are
also
they're
currently
out.
They
all
work
at
Astro,
they're,
all
front-end
developers,
so
I
kind
of
got
them
all
signed
up
to
rebuild
or
do
work
for
SKF.
Basically,
oh.
D
D
It
says
it's
good
that
we
have
these
multiple
yeah
platforms
and
choices
which
people
can
study
the
material
that
we
developed,
that
we
get
together
and
that
we
are
going
to
offer
and
yeah
the
whole
difference
is
same
stuff.
You
can
do
right.
The
the
David
course
on
the
in
SKF
you
get
the
labs
and
really
interactive.
You
can
play
with
the
things
it's
a
bit
of
a
longer
Journey,
but
it's
very
practical
right
and,
like
he
mentioned
as
well,
in
that
meeting,
some
people
don't
want
to.
A
I
think
that'll
be
an
interesting
conversation.
We
have
in
your
sub
team
plan
talking
about
how
what
channels
or
medium
or
methods
we
want
to
produce
this
content
in
and
we'll
need
to
probably
make
some
type
of
Matrix
yep
for
sure
I.
Think
that'll
be
an
interesting
conversation
in
a
an
ad
for
Glenn's
meeting,
we'll
be
talking
about
that
Sunday
about
how
we're
going
to
based
off
of
the
piece
of
based
off
the
content.
You
know:
how
does
it
what
channel
or
channels
does
it
go
out
through.
A
B
I'm
sorry,
it
always
takes
me
a
second
to
find
the
the
hand
yeah
I
was
just
thinking,
if
good,
to
consider
having
a
a
sort
of
default
like
if
all
the
definitions
seem
equally
good.
We
will
default
to
ISO
or
we
will
default
to
some
existing
thing
just
to
cut
down
on
the
work,
but
I
don't
know
if
there's
any
strong
preferences
it
just.
It
seems
like
there's
a
lot
out
there
that
we
don't
need
to
reinvent.
A
The
Boggle
with
ISO
is
a
lot
of
the
materials
are
behind
a
paywall
which
is
restrictive
for
something
I,
don't
know
about
terminology
specifically,
but
like
a
lot
of
the
standards
you
have
to
pay
to
get
to
which
excludes
members
of
the
community
from
getting
access
to,
but
yeah
I
think
that's
good
to
have
a
default.
You
know
this
is
our
preference.
If
everything's
generally
equal.
C
I
had
a
comment
about
this.
Please
I
think
that
we
should
try
to
stay
away
from
like
government
and
like
things
that
could
be
nationally
defined,
because
some
people
have
the
opinion
that,
like
here
here
in
the
U.S
we
like
to
impose
our
ideas
on
people,
so
I
would
encourage
things
like
first.
Maybe
first
has
good
definitions
or
cert
or
kind
of
like
a
like
agnostic
group.
Just
gonna,
say.
A
D
D
C
C
C
A
C
A
A
All
right,
I,
don't
see
anyone
clamoring
for
attention,
so
I
want
to
thank
everybody
for
your
time
today.
I
think
this
was
very
productive,
very
excited
and
look
forward
to
the
individual
content
stream
calls
to
actually
start
and
continue
refining
the
plan.
So
thank
you
all
enjoy
the
rest
of
your
days.
Cheers
see
everybody.