From YouTube: OpenSSF Diagrammers Society (March 9, 2023)
Description
Meeting minutes: https://docs.google.com/document/d/14i9v7WuQcLzWpvLe9B0sl-kf90JLwxNwrZkRXLWmEdQ/edit#heading=h.9m0zi4b0wnne
A
A
A
B
B
Alrighty, so now I know that crop had presented to the attack on the governing board. So I'm not sure what this, this group is going to do right now. I can tell you what I'm hoping to do, which is pitch for: I need a deck. So I actually have a very specific need, but I don't think I'm alone, which is I need a couple slides in Google Docs.
A
D
B
It, and you know, now granted, there are many needs for explaining things, but one is to be able to present to others. In fact, I'm, I have to create a presentation soon for, well, Boeing. Oh, not, not terrible. It's not a big secret. So anyway, occasionally I have to give presentations. So having slides that are maintained is a good thing. Hi.
D
A
I've said a few across apologies. Oh.
B
Got nothing to apologize for. I'm, you know, trying to juggle too many things at once, so I'm supposed to be another meeting simultaneous, that's a little hard.
B
B
Grove, aha, so I have an apology to make. I'm supposed to be at two places at the same time. Even with electronics, that's hard. So I have, and the critical projects working group is simul. Yeah, scheduled, okay.
E
B
Wow, all right. So, but that's all right, I, I'm feeling the guilt. I'm already going to fly down to the floor, so I have a request really for that. You know, and I guess it's somewhat selfish, but I don't think it is. I think other people are in the same boat I am, which is I occasionally need to go talk about the OpenSSF, and generally what they want is slides. Okay.
B
We have some you've already done, you know, at least like the hierarchy and the CI/CD, and I think we can do several. I'm happy to, to create a Google Doc of the versions that I have. If people want to replace that with better versions, that's great, but I, I think for at least now. I realize that some of them, like the one, the mind map one, that is probably not practical to put in a slide deck. That's.
B
Well, I, I, I'm not trying to exclude anything. It's much more of the having a common Google deck of, hey, you need to present about the OpenSSF, here you go, that basically builds on the ideas. I have a couple slides I can artists provide if you'd like me, mine. If you've got better ones, great, and if other people have slides for some of these other views?
B
E
Is a topic that Jennifer and I have discussed in other meetings. Okay, and we are in agreement: this is a thing that should happen. So if you have some source material, I'm glad to help facilitate and coordinate and get things in an appropriately brand-approved style deck.
B
B
At least, you know, heck, I don't think it's a crazy idea to have a general elevator pitch deck. Jennifer, I know we've, we've done some things for new members, but you know, I'm thinking specifically of diagrams. If we want to have just a more general "here's the OpenSSF", I mean, that would be, that would be quite reasonable. I was just thinking of the diagrams, but if we want to have a general OpenSSF pitch deck, and this has, is part of it, well, that's awesome too. Yeah.
A
But yeah, I'm gonna get started dropping that in. We should have a new, other news: we should have a new template for slides, I believe this week, so I will be sure to share that. It is still with creative services, but they have been working on it and it's looking really good.
B
Okay, I have existing slides, so would it be okay to just start with something I already have, and then, sure, yeah, you know, we can, if it turns out to be a horrible, terrible thing.
A
Well, it actually dropped the, the template in, the, the new template based on our new style guide, in the, the meeting chat there. It's not quite final, but it's almost.
B
Okay, wow, this is a really different format.
E
B
E
E
A
B
B
B
D
E
A
E
Think that's the worthwhile project for us to collaborate on, is helping get that set and, you know, pass it off to whomever ultimately, whether it's the, the marketing committee, outreach folks, you know, kind of get to its ultimate home. But yeah, we can definitely assist. Okay.
B
B
It's walking around a deck, that's right, at least the starting walking around pick. Okay, I don't know why I can't find the button that says make a copy of me, but I will find it. It's moved. Oh, there it is. All right.
C
C
B
Actually, you know what, I'm gonna start, I'm gonna leave in some things and.
B
Okay, I'm gonna, I'm gonna actually use, I'm gonna just provide the slide deck that I've used for the Big Fix, sure, and I know that it needs changing. That's okay.
B
All right, and I'm gonna make sure probe, you are editor, an editor of this thing.
B
Okay, the actual figures that I use are just the two: the hierarchy and the, you know, the, the CI/CD.
B
Come here, I'm gonna add CI/CD view. Oh, and I have a separate copy of it, I'm not sure why. I know it needs some updates, but this, at least it will give you something to. Now, why do I have it twice? I don't know why I have it twice. That will confuse everybody. Let's remove that. Now it's only there once.
E
Yeah, I like this new Foundation template, though.
A
E
B
Awesome, that's right, but you can see what I've, I've done. I sometimes skip some of these slides, and sometimes things change around. I chose this as a starting point because it's a relatively brief introduction and talks about some specific projects and.
E
The subcommittee idea was, Arun called it 33 30, that you have basically a one-pager that kind of is more like an infographic of what the foundation is, you have a short little deck that you could do in three minutes, it gives a kind of a higher-level overview, and then you have a more in-depth version that would be like 30 minutes long to kind of tell more, more richly develop the story. But yeah, this.
E
We could definitely start with something like this and kind of collaborate on that to see where it goes, and once we get that finalized template, it'll be super pretty.
B
Awesome, okay. Well, let's see here, who else needs edit access? Let's see here, and I'm not, I'm going to, oh, it's restricted. I don't know why it's restricted. I'm gonna make it so anybody with the link can at least comment on it.
B
B
E
Cool, cool. So to circle back, does anyone have any other opens? Please add those into the meeting agenda. I'll dump that into the Zoom chat there. I have a couple things I'd like to chat about the CI/CD diagram, and then, if we have time, we could talk about the continuation that Jay started about working group and SIG maturity review.
E
If anyone has any other topics, please put that in the opens underneath Mr. Wheeler's item.
E
All right, so I have had the great opportunity to give our thousands of words presentation to several working groups throughout, across the foundation, and overall, a very positive response into the collective work that this group has been toiling away at, depending on which set of stakeholders we're talking with.
E
There were different opinions on which of the diagrams they liked better than another, but at the, the one that received the most accolades and desire for continued refinement was the CI/CD diagram that David did the initial draft of, and then, based off of kind of current state of things in the foundation, I did an update.
E
There is a link there to the, the PNG file if you're curious to see the embellishments I've added to the initial diagram. So I'd like to see if we would like to invest some time to, you know, double check: are all the boxes in the right place? Are we happy with the colors? Do we have any kind of objections or criticisms, or anything we'd like to change about it? So I'll open it up to the floor here. What are your thoughts on the CI/CD diagram?
E
Thank you. This is completely unlike another conversation I've had today. This is, this group is the opposite of providing me an extensive amount of feedback on a topic, so.
E
It's, is this, the same core diagram that David shared with us a while back, and again, I've just updated it so that we, it reflects, at the time, things that were documented in the git repositories.
A
E
So this is the update and kind of the, my suggested placement. Do we want to spend some time to, you know, shuffle the boxes around? Are we happy? Is this good enough? Do we want to actually start to go out and maybe talk to some of the working groups to get their agreement and buy-in and adjustments, or is this good enough, we send it to the artist?
B
In the Google Doc I do have a version of this diagram already, so just FYI. I think the, the version the Google Doc actually is active hyperlinks, and I would encourage whatever you do to have active hyperlinks.
E
Yeah, of course. Again, this is just, I don't get paid a dime for doing any of this, I'm donating everything because I love me some open source. This is not a final workout, but, okay, all righty. You know, somebody else has a better idea, I'm glad for them to take lead.
E
So do I think this is a fairly good representation of where things would lie for the best practices, vulnerability disclosure and end user working groups. Again, I'm, we're welcome to feedback on those three in particular.
E
Do we have anyone here that goes to any of the other working groups that is interested in checking my work? I made a guess based off of what David originally had and kind of where I felt logically for me to place them, but do we have anyone that participates in like the, the security threats or tooling or supply chain groups that might be able to give us some more expert feedback on placement?
D
I was going to say, I do the same. I mean, I actually lead, so one of the things under there, the risk, well, here's security Matrix is risk dashboard. So you can actually lead that thing. So, so I can, that's one that could be, that could be looked at there. But I'm not sure if Alpha-Omega sits under the working group. I want to say that that's a project that sits outside of the working group now. I know it used to sit there, but I know, I believe it's a project.
E
D
We have no deep emotional investment, that's, you know, like, but like where Sigstore is, but one of the projects, so one of the SIGs I've seen, that I know it used to be there, but if it's still there, I think that needs to be changed, or it needs to be clear, clarified that that's where it is. But everywhere else I've seen it is like the Alpha-Omega and Sigstore. I was surprised.
D
E
Door was purely, and it was a donated project, it existed before. You know, it started around the same time the foundation was starting, and then that community petitioned to become part of the foundation and it got put into a, a SIG for, and they've changed the name to project now.
D
E
It, so that is, we've, and part of like Matt's journey through the mind map recognized we have a ton of inconsistencies and duplication, missing elements. So that's why I think it'd be great if we actually went to that working group officially and saying, here's, here's what we think the picture is, can you please adjust it for us so it accurately reflects your work and your ideas. Yeah.
D
E
This, we'd have to ask David because he's the one that gave me the original diagram, but I believe in the context of this diagram, developer is someone is writing software and consumer is more of an end consumer, like a bank or Best Buy or, you know, Lloyd's of London. Okay.
E
C
E
D
Do that there too. Right now, that's exactly what it looks like. Okay, being a member of, of that, of that work, that's a, that's exactly what it looks like. I.
D
That we're also thinking about the creation of a supply chain security framework, a, a governing one. I know that that's been talked about. I don't think that we've put a proposal together just yet for it like that, but right now those are the three items that are in play. And I want to say that, I mean, FRSCA's there, but I still think FRSCA is in community and communities status, I'm not sure. And full disclosure, the last meeting was a little.
D
What, the last meeting was a little touch and go for me. I, I, you know, the discussion in the last meeting was like almost to the effect of, you know, we'd like to continue this, is there, you know, do we have somebody that can help with XYZ, and I was like, wow, you'd like to continue? That's where we're at. So that's, that's a shrug to show the moment, like I.
D
Don't, I don't know if, but anyway, well, go back to the working group and really hold down. I know SLSA, I know S2C2F, I know all the other things that happened now, but we talk about FRSCA as if it's part of the, I'm not sure about that. So that's surprised that I'll ask and.
D
C
D
Yeah, yeah, well, the, the build one for SLSA is good, because that's version one, feels is just the build track.
D
Their work to have a source track, that's being talked about as well, so that'll go off into the source portion, source integrity. Okay, so that part's fine. The, the FR, the FRSCA one, though, the FRSCA one is kind of a, a bridge from, if you go from the source all the way to the consumer, right, so build, it's like that build pipeline, so that, that might span across. S2C2F is, is, is good where it's at, you know, good where it's.
E
At. Do you think we have multiple projects that would span across the multiple bubbles, that we would need to account for that, or should I just copy and paste under their box for FRSCA over to source?
D
Yeah, I, I don't, I don't, that's a great question. I'm not sure if any of the other working groups are working on something that spans across like that too.
D
E
Yes, Matt, the actual source of authority is OpenSSF Scorecard.
E
Get them represented correctly. And then for Alpha and Omega, Allstar is not included. They, basically it's a lot of the same people doing the development and they hold a conjoined working, SIG call, but officially Allstar sits underneath another group in the git repo, where it, Allstar's sitting under securing critical projects. And again, maybe that needs to change. Maybe we do need to officially put them together.
E
But it's, you know, this is the same five or six folks, lower onto azim and Jeff and everybody.
E
F
E
Well, that doesn't exist yet. Yeah, that gets proposed next week. Okay, and then we'll go through another vote, which is just going great with the most today, so.
E
See, it's open source, people have opinions. But yeah, theoretically there'll be one there, and then, you know, like the SBOM Everywhere is going to officially do a plan revamp, so they'll be kind of more formally attached onto the mobilization plan at some point soon.
F
No, I have to see, I, I'm impressed. I mean, I've always liked David's diagram. I was always worried about it being imbalanced in terms of where things would fall, but it looks like you, you know, it, the way it's presented here, it looks like there's a, it appears there's a good balance, let me put it that way. I.
E
Hope so, you know, if it represents things accurately. I, I agree, yeah, it's a, it's a solid thing to start with and we can easily, you know, make changes.
F
C
E
F
Yeah, I, the only thing that, you know, if this is captured, I mean, now graphics designers can do miracles in these things, but the, I, the one thing I tried to factor out was which things are, if there was some way in the, the bull ties list, or some indicator or something, to indicate a code project, distinguish a code project, something had a GitHub repo, somehow.
E
And the, the foundation came down pretty clearly on that. If it's code, it's labeled a project. If it's like a white paper or a guide, that is a SIG. So we can go through, and again, that'll require working with those working groups to make sure that they get the names adjusted correctly, and maybe we change, maybe the projects are diamond and, yeah.
F
E
Yeah, and we probably, this needs to have a legend and other stuff. Let me get that into the notes.
E
Any other thoughts? Will I be able to enlist a couple of you to kind of go out and talk to some of these working groups and verify for us? Yeah, James.
E
D
We have any coverage from all the working groups? I mean, these working groups are all here. I think securing critical projects, I mean, I have to go back and attend some of those meetings. In the secure software repos, I gotta go into some of the means too, because I haven't been to, been to many of those, but all the other ones I've, or security.
F
Yeah, I've been trying to attend the Straits only again since things kind of pick back up a little bit. If no one's volunteered for that, I can volunteer for that. If.
E
E
E
So how would you like to, or I can make it a PDF. How would you like to have it? Well.
E
E
And then, you know, don't lose your mind map stuff, because I, I think there are a couple things in motion that we might need to leverage that, as we actually kind of go through and start to audit some things across the foundation, so that mind map is very useful to do that activity.
E
Or any additional thoughts or commentary on the diagram before we move on to maturity?
E
All right, Jay, do you want to talk about, continue our conversation around maturity matrix, kind of requirements for things, or do you want to defer that today?
D
Let's defer it for today. I think there's a few other things that, a few other things that we, I would like to tease out on, on the proposal in general. Like, I think there's a, there's a lot of stuff that we need to, I want to, I want to get done with the bulk of that document we're working on, yeah, and then, because I don't want to talk about it separately. I think, I think I don't want to talk about separately.
E
Yeah, I, I think that's fair. So Jay and I are working on a, a proposal to help try to maybe get the foundation a little more structure and rigor around things like the gaps the mind map exercise highlighted. So we'll definitely come back to this group once we have a more fully formed idea, more than like three words on a blank document, and kind of get your feedback on that. And then this actually ties in with something that the governance subcommittee is looking into.
E
Well, again, I thank you for your time and attention, your collaboration, and we will talk again in two weeks. If you need anything sooner, mailing list and Slack channel are always there. Thanks all, have a great day. Idea.