►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
B
B
D
B
E
E
No
I
have
some
sort
of
problem
with
my
headphone
microphone,
which
is
not
good
because
I
live
on
it,
but.
B
Cool
all
right,
let's
go
ahead
and
get
started.
First
of
all,
thank
you
all
for
joining.
Welcome
to
what's
going
to
be
the
the
best
subgroup
of
the
education
Sig
taking
a
page
from
krobes
book.
We
are
here
to
talk
about
section,
one
create
and
curate
content
around
the
ossf
education
stream.
B
The
intent
here
as
I
think
we're
all
aware,
is
to
take
the
information
that
we
reviewed
from
the
original
mobilization
plan,
refined
it
a
bit
and
divided
up
into
three
different
groups:
we're
responsible
for
the
content
in
group,
one
I
for
CES
overlapping
in
some
areas.
Some
of
the
other
groups
will
handle
that
when,
when
the
time
is
right,
but
I
think
everybody
here
is
is
knows
each
other.
We've
all
been
on
the
education
Sig
and
the
best
practices
work
group.
So
that's
that's
good.
B
If
anyone
new
joins
us,
of
course,
invite
them
to
introduce
themselves
as
we
go
through
the
agenda
document,
I
mean,
if,
if
you
all
wouldn't
mind
helping
describe,
if
there's
a
point
that
you
want
to
make
or
a
comment
that
you
want
to
make
sure
you
get
in
there,
I
will
try
and
get
as
close
as
possible,
but
feel
free
to
go
in
and
fix
my
poor
dictation
skills
as
we
go
through
here,
and
if
anyone
has
anything
they'd
like
to
add
to
the
agenda,
please
go
ahead
and
add
it
there
to
to
the
bottom
of
the
list.
B
I
just
put
this
together
for
some
thoughts.
I
thought
that
we'd
want
to
cover,
in
our
first
meeting
figure
out
how
I
want
to
approach
this,
how
the
team
would
prefer
to
work
through
the
items,
but
you
know
this
is
a
collaborative
effort.
So
if
you
guys
have
anything
that
you
would
like
to
add
to
the
agenda
or
talk
about,
please
absolutely
do
so
any
questions
or
comments
before
we
get
rolling
cool
all
right,
hello,
Brian,.
B
Brian,
are
you
new
to
the
education
Sig.
B
Worries
we
just
got
started
again
we're
responsible
for
going
through
section,
one
of
the
education,
Sig
mobilization
stream
plan.
It's
a
lot
of
words
around
collecting
and
curating
content.
So
I
got
a
couple
links
there.
If
you
look
at
the
fourth
bullet,
there's
a
link
to
the
repo,
as
well
as
the
original
Google
doc
that
we
were
using
for
taking
notes
so
moving
forward.
B
B
Thank
you.
So
the
big
question
is:
we've
got.
We've
got
this
repo
we've
got
I
think
we
opened.
We've
got
10
goals
on
here.
If
I'm,
not
mistaken,
I
think
one
of
the
first
steps
that
we
should
do
is
go
through
and
validate
that
we
believe
all
these
goals
are
are
appropriate
for
this
team
to
be
working
on.
If
there's
something
that
doesn't
necessarily
fit
under
our
umbrella.
We
can
talk
with
the
other
teams,
but
I'm,
very
curious
and
would
like
feedback
from
everybody.
How?
I
Well,
I
think,
let's
Highline
those
goals,
but
then
I
think
by
the
end
of
today,
like
let's
get
this
as
action
oriented
as
possible.
So
let's
get
out
of
ideophase
by
like
20
minutes
into
the
call.
B
F
B
D
B
Right
excellent,
so
we'll
start
off
at
the
top
work.
Our
way
down,
make
sure
that
we
understand
what
the
goal
and
its
goal's
intent
is
and
that
it
belongs
in
this
group
additional
comments,
please
feel
free
to
make
them
or
note
them
in
the
agenda
so
number
one
review
the
existing
educational
materials
for
gaps
and
opportunities
before
training
can
be
expanded.
Materials
should
be
collected
and
collected
to
understand
what
is
available
and
what
gaps
exist
in
current
artifacts,
so
that
new
materials
can
be
created
to
fill
those
gaps
or
desired
new
areas.
B
The
sounds
pretty
slam
dunk
to
me
any
questions
or
comments
about
this.
One.
E
One
quick
comment
is:
is
you
know,
review
is
a
very
vague
word,
I
mean
you.
Can
you
can
do
a
lot
of
review
and
depth?
I
would
suggest
start
with
at
least
trying
to
identify
them
with
the
URL.
Maybe
grab
the
abstract.
If
you
want
to
give
a
couple
comments,
that's
great,
but
at
least
you
know
a
little
material
better
than
we'll
do.
Do
the
Deep
analysis
and
never
get
to
it.
D
I
E
And
indeed
that
Google
doc
is
really
rough,
but
it's
a
start.
Yeah.
D
B
Create
an
open
educational
resource
library
of
secure
development
practices
after
materials
have
been
collected
and
reviewed
a
location
to
stage
and
publish
these
items
to
Learners
will
need
to
be
created.
This
will
require
some
type
of
web
accessible
portal
and
back-end
storage
that
can
store
various
types
of
learning
materials
such
as
documents,
presentations,
webinars,
Etc,.
I
E
I
have
to
admit
that
wasn't
my
first
thought
when
I
read
this
I
read
this
as
create
a
web
page
with
a
bunch
of
links
to
this
information.
F
E
A
I
I
was
I
was
gonna,
say,
maybe
part
of
number
one
1.1
should
be
the
inventory.
While
we
review
what
the
what
other
people
have.
B
I
think
that's
a
good,
a
good
action
to
go
along
with
number
one.
E
Awesome
well
all
kidding
aside,
you
know,
first
of
all
thank
thank
for
being
here
and
yeah.
Absolutely
you
know
absolutely
looking
at
you
know,
weight
ways
to
make
things
happen
is
great.
B
Right
on
yeah,
thanks,
Randall,
all
right,
so
high
level
goal,
1.2
I
think
we're
good
with
this
one.
For
the
moment,
thanks
again,
moving
on
to
1.3
there's
a
multitask
with
my
shared
screen,
Focus,
not
just
on
development
skills
and
techniques,
but
also
Associated
skills.
Modern
developers
need
such
as
access
controls,
testing
and
validation.
F
You
know
we
could
potentially
make
that
a
task
that,
as
we
are
looking
at
the
personas,
we
also
want
to
make
sure
we're
highlighting
things
like
we
have
sec,
Ops
and
maintenance
and
other
testing
and
whatnot
as
well.
G
Should
these
be
almost
like
separate
things
like
focusing
on
education
for
the
code?
You're
writing.
You
know
classic
development
and
then
another
focus
of
education
for
so
you're
managing
a
devops
team
or
devops
pipeline.
How
do
you
need
to
think
about
the
problem?
I
I?
That
is
an
area
that
I
personally
feel
like
is
not
well
understood.
G
But
yeah
that
feels
like
two
different
courses.
If
I
was
sitting
down,
creating
a
catalog
right,
because
if
you're
the
devops
tooling
manager,
you
don't
need
to
how
to
really
worry
about
null
pointer
types
of
you
know
coding
mistakes,
you
need
to
be
thinking
about
the
supply
chain
and
managing
dependencies
and
yada
yada.
G
G
E
Well,
everything
old
is
new.
Again
we
used
to
call
them
software
in
engineering
environments
and
later
we
called
them
integrated
development
environments
and
and-
and
you.
E
G
D
D
G
E
I'm,
okay,
with
the
wider
scope
for
the
group,
but
I,
agree
that
we
better
focus
to
start
with,
or
we
try
to
do
everything
we
end
up
doing
nothing.
D
B
I
I'm,
sorry,
sorry,
what
I
really
want
to
prioritize
here
is
the
managers
of
softwares
the
trainers
and
the
contributor
maintainers.
Those
two
I
think
we
can
really
handle
under
this
Milestone.
We
have
a
whole
section
for
scholarships
that
I
think
we
can
really
be
working
on
with
the
trade
schools,
job
training
kind
of
angle,
but
I
think
that
those
two
things
should
be
really
highest
priority
for
Education
right
now.
B
H
Yeah
just
two
things
about:
first
of
all,
the
goal
of
creating
the
content:
how
to
focus
what
kind
of
content
we're
looking
for
and
my
idea
was
I
was
wondering-
would
it
be
suitable
because
of
the
discussion
that
we
just
had
in
collecting
content
to
whiteness
into
the
SEO,
so
different
content
for
development,
different
from
verification
testing
and
so
for
different
for
maintenance?
The
other
thing
is
maybe
creating
a
matrix
of
who
that
content
is
suitable
for
so
Assad
just
mentioned.
H
If
it's
a
manager,
then
it's
phase
three
or
phase
four
or
if
it's
a
developer,
it's
pastry
phase,
four
tester
or
whomever
an
open
source
software,
mental
or
whomever
it's
just
so
we
understand
what
content
is
for,
who
who's
our
Target
and
try
and
focus?
How
can
we
collect
the
correct
content
for
those
people?
Does
that
make
sense.
C
Yeah,
just
looking
at
1.3
right
after
the
devops
scenarios,
all
the
training
related
stuff
1.4
is
all
about
training,
Focus
areas,
so
moving
that
down
makes
more
sense
to
me
I'm
having
a
separate
component
for
that
understand
what
the
actual
skills
and
techniques
are
and
what
the
information
that
people
need
to
be
trained
on
in
1.3
and
then
Define.
You
know
how
we
separate
those
areas
of
focus
for
developing
managers
or
or
developers
or
what
other
staff
and
how
it
gets,
how
it
potentially
gets
disseminated.
B
Thanks
Eric
Sally,
if
your
hand
up
yeah.
I
So
the
way
that
I've
been
doing
this
that
works
really
well
is
separating
like
this
Matrix
that
you
can
do
there's
a
couple
of
great
examples,
but
one
that
works
really
well
is
having
a
matrix
that
says,
vaguely
the
audience
type
but,
more
importantly,
you've
got
three
Frameworks.
You
see
the
context,
the
solution
and
the
developer
tooling
for
each
column
of
training.
That
needs
to
be
done
and
this
allows
sort
of
for
those
different
personas.
Sometimes
they
do
need
to
jump
into
the
tooling,
and
sometimes
they
need
to
jump
back
into
the
context.
I
So
if
you
have
those,
it
makes
it
very
easy
for
someone
to
self-identify
where
they
need
to
dive
deeper,
and
it
makes
sure
entirely
that
we've
got
an
educational
pipeline
that
fills
those
little
gaps,
because
that's
really
the
problem.
People
don't
know
exactly
where
to
go.
The
level
of
information
they
want.
B
All
right
so
I
think
we
have
a
couple
good
ideas
for
how
to
organize
the
information
here.
I
I'd
like
to
go
back
to
the
original
question
of
essentially
combining
one
three
and
one
four,
and
have
one
three
be
a
sub
bullet
of
one
four.
So
one
four
is
defining
our
20
areas
of
focus.
Do
we
all
agree
that
both
of
those
goals
have
overlap
and
would
probably
make
sense
to
have
one
goal
with
some
of
the
specifics
as
tasks
underneath
it.
B
D
B
In
that
case,
I'll
move
on
to
1.5,
which
is
create
a
core
of
qualified
trainers
to
deliver
this
courseware
I
have
a
question
as
to
whether
or
not
this
belongs
in
this
group
we
are,
we
are
called
the
collect
and
curate
content
group
I,
don't
know
if
this
might
better
fit
under
I.
Think
maybe
section
two
Crow
helped
me
out
here:
I
think
with
section
two
that
was
more
focused
on
executing
on
the
training
yeah.
E
Yeah,
that
sounds
like
dump
it
to
the
other
group.
I
Is
gonna
be
good,
so
I
will
make
sure
that
this
is
discussed
tonight,
though,
because
I've
got
I
really
do
have
opinions
on
this
and
how
to
do
this
right?
I
want
to
make
sure
that
these
are.
We
just
need
to
make
sure
that
each
of
these
sort
of
training
developers
is
like
an
80
20
split
over
different
languages.
I
B
Thank
you
Sal,
please!
Let
us
know
what
comes
to
that
conversation
and
I
guess
you
can
verify
that
we
can
either
remove
this
from
our
list
and
add
it
to
another
one
or,
if
there's
pieces
of
this,
that
we
should
retain
while
other
pieces
end
up
someplace
else.
That's
fine,
too.
F
I
I
Well,
that's
what
I
did
and
it
worked
out.
Just
fine,
so
I
mean
I
would
say
kubecon's
the
best
one
for
security
just
because
there
are
more
developers
there
I
think
for
more
context.
Setting
OSS
is
great
now
scale
and
fostom
Foster
more
more
so
are
useful,
but
I
literally
would
prioritize
right
now
for
a
lot
of
this
training
kubecon,
it's
just
where
the
developers
show
up
so
and,
like
start
small,
make
sure
it
works
and
then
try
the
other
ones.
J
F
Is
where
we
would
adjust.
F
H
B
But
you're
right,
yeah,
all
right,
moving
on
to
1.7,
create
unified
approach
to
delivering
certification
and
badging,
no
matter
where
such
training
has
been
delivered.
Building
upon
the
existing
Linux,
Foundation
certification
infrastructure,
again,
I
know
that
we've
talked
a
lot
about
badging
in
a
couple.
Different
contexts.
Is
this
something
that
belongs
to
this.
I
E
E
Yeah
just
FYI
wherever
this
lands
I
know
a
number
of
the
folks
within
the
LF.
You
know
certain
training
so
happy
to
make
any
introductions.
If
anybody
wants
that
they're
they're,
they
they
love
to,
they
love
to
get
their
stuff
used.
I
That's
a
good
idea:
we
should
set
up
a
brainstorming
session,
but
we've
got
we
got
to
get
through
the
goals:
first,
okay,
so
okay,
so
the
badging
goes
to
section
three,
so
we
don't
need
to
cover
it
and
then
goal
eight.
B
E
E
B
Group
I
I
think
an
aspect
of
eight
might
be
this
group
as
well.
We
are
collecting
we're
collecting
curate
content,
not
actually
create
content.
Yeah.
E
F
E
E
That
does
raise
an
issue
and
I
I'm
frankly
useless
on
this
I
I
I'm.
Basically
only
an
English
speaker,
I
I
learned
enough
French
to
to
read
some
things
but
I'm
terrible
at
it.
So
we
probably
ought
to
try
to
collect
and
curate
things
that
are
not
in
English
and.
I
I
don't
know:
okay,
so
I
mean
most
cncf
kind
of
solved.
This
problem
in
a
way
that
I,
like
so
most
developer,
resources
are
in
English,
but
right.
I,
give
talks
in
Spanish
too
and
like
sometimes
stuff
like
supply
chain,
is
really
hard
to
translate.
So
cncf
has
their
own
cloud
computing
like
multilingual
repository,
it's
just
on
GitHub
and
you
have
a
slack
associated
with
it
as
well.
So
you've
got
multiple
language
speakers.
I
You
all
agree
on
some
translation
and
then
you
put
it
in
so
that
could
be
yeah,
so
it
should
be
open
sourced
and
it
allows
it
to
be
like
sort
of
intrinsically.
It's
I
mean
it's
going
to
tell
you
who's
looking
at
the
documentation,
so
you
don't
have
any
questions
about
what
language
should
be
prioritized
and
then
it
makes
sure
that
they
agree
on
that
language,
which
is
incredibly
important.
I
I
Yeah,
let
me
go
I'll,
find
the
link
to
it
real,
quick,
but
it's
so
useful.
E
B
Thanks
for
that,
Sal,
so
does
this
belong
in
this
group?
It's
a
portion
of
this
belong
in
this
group.
If
so,
let's
refine
it
and
make
sure
that
what
we're
not
taking
on
is
owned
by
somebody
else.
F
So
I
would
suggest
cloning
one
nine
and
bobbing
that
over
to
Glenn
in
group
two
and
then
we
can
adjust
1
9
to
be
maybe
I,
identify
or
prioritize
existing
content
for
localization.
E
Okay,
so
you
know,
if
there's
a
recent
work
within
the
open,
ssf
to
start
creating
a
glossary,
so
that
might
also
be
the
oh
wait.
We
should
have
ways
to
translate
those
terms.
B
Last
but
not
least,
let's
jump
to
110.,
which
is
identify
areas
where
developers
are
copying
or
extracting
insecure
code
Snippets
and
work
to
correct
the
most
widely
applied
vulnerable
Snippets.
In
order
to
address
comic
problems
and
challenges
such
as
those
found
on
stacked
overflow,
provide
justification
and
reasoning
on
the
change
to
support,
educating
adopters
of
Snippets
and
ensure
that
proposed
text
is
properly
licensed
as
OSS
such
as
MIT,
not
just
CC
license,
because
they
don't
address
patents
build
on
existing
research
in
this
area.
C
So
being
that
this
is
more
about
potentially
curating
material
and
other
components
is:
is
it
on
this
group
to
actually
identify
and
potentially
fix
the
Snippets
versus
working
with
Alpha,
Omega
and
other
groups
to
help
educate
and
document
some
of
the
reality
of
what
the
vulnerabilities
were
and
and
make
it
more
transparent
to
people
I'm?
Asking
because
is:
is
our
this
Charter
to
actually
work
on
and
fix
or
remediate
problems,
or
is
it
more
to
educate
people.
B
F
Maybe
we
adjust
this
to
be
identify
patterns
of
how,
where
developers
are
doing
this,
behavior
and
potentially
identify
identify
or
suggest
that
guidance
is
created?
Would
that
be
a
better
alternative
path
for
us?
No.
E
Okay
yeah,
so
this
is
there's
actually
been
several
papers
in
this
area.
If
you
I'll
have
to
drink
them
up
because
they
are
our
eye-opening
papers.
This
is
not
about
fixing
a
program
which
is
really
where
Alpha
Omega
is
going
to.
If
you
go
back
and
say
where
you
know,
I
keep
seeing
the
same
vulnerability
across
hundreds
of
unrelated
programs,
and
the
answer
is
almost
always
it's
the
top
answer
in
stack
overflow,
so
a
vast
over
programmers.
How
do
they
write
programs
they
type
into
Google?
What
code
they
want?
E
E
So
this
is
a
problem,
but
this
isn't
really
an
alpha
omega
problem,
because
Alpha
Mega
is
focusing
on
projects.
I
mean
they.
F
E
I
Mean
this
has
to
stay,
and
this
is
literally
like
the
most
important
thing
to
be
on
these
goals
right
now.
This
is
year
two
right,
so
we
have
time
to
put
this
in
place.
What
you're
talking
about
is
the
cognitive
engineering
of
Open
Source,
which
is
my
favorite
thing
so
assassin's
staying
because
of
that,
but
also
it's
absolutely
necessary
right.
So
their
information
processing
for
stack
Overflow,
that's
great!
That's
going
to
be
the
resource!
I!
Don't
want
to
remove
that,
but
we
have
to
embed
an
awareness
of
vulnerabilities
into
that
platform.
I
E
C
I
We
really
genuine
like
this
is
a
side
topic,
but
we
need
a
license
for
that.
Osi
is
already
considering
a
license
for
that
that
space
is
just
not.
I
We
do
not
have
laws
set
up
for
that
kind
of
development
and
style,
but
even
with
that,
you
know,
stack
Overflow
is
where
people
people
specifically
are
making
their
decision
points.
So
we
need
to
put
that
cognitive
information
where
it's
being
used.
D
F
C
I
So
can
we
move
the?
Can
we
if
I
can
build
a
rewards
and
incentives
part
around
the
licensing?
I
think
that
would
be
really
valuable,
or
maybe
it
moves
into
active
education,
because
that's
really
super
necessary.
Let's
actually
move
that
into
active
education
right,
because
the
end
goal
in
embedding
this
would
be
year
two
if
in
year
one
we
can
get
awareness
of
it
and
people
will
be
more
responsive.
E
I
Least
I
actually
I
do
disagree
on
this.
I
think
that
the
first
part
of
the
school
should
stay
in
this
subgroup,
specifically
because
I
think
it
really.
It's
like
we
I
would
like
to
move
the
model
closer
to
real
time
when
we're
talking
about
cyber
security,
because
cyber
security
is
real
time.
So
I'd
love
that
to
be
considered
information
right.
We're,
providing
and
surfacing
information
in
this
subgroup
and
I
think
that
this
first
part
of
this
goal
is
that
in,
like
the
most
truest
form.
I
J
It'd
be
interesting
to
know
right
because
it's
like,
if
the
problem
you
know
essentially,
is
at
their
front
door
and
they've
not
done
anything
to
try
and
at
least
build
some
awareness
about
it
themselves.
It
might
motivate
them
to
take
a
first
step.
While
we
try
and
figure
out
what
else
we
might
do
to
support
it.
H
Oh
yeah
I
just
asked
a
question
and
I'm
I'm
trying
to
get
my
head
around
the
sack
overfill
problem.
It's
like
whack-a-mode
and
I.
Don't
think
it's
the
root
of
problem.
What's
the
act
like
that's,
that's
a
symptom
of
the
actual
problem,
people
taking
code
that
they're
not
aware
of
that
it
may
cause
security
problems
like
how
can
we
actually
address
the
root
of
the
problem,
which
is
for
us
collecting
and
curating
information?
I
I
was
trying
to
map
it
to
the
most
weaknesses.
I
I
mean
this
is
how
I
would
see
this
executing
so
in
this
first
year,
if
we
focus
around
context
setting
first,
which
is
what
people
basically
need
like
I
have
I've
worked
with
maintainers
of
major
projects,
I've
gotten
them
to
install
the
best
security
practices,
and
then
they
often
remove
them
because
they
find
that
the
labor
is
too
much
the
labor
to
maintain
an
awareness
right
because
the
day-to-day
of
a
developer,
if
they're
spending
an
hour
even
on
just
reading
up
on
vulnerabilities
they're,
not
able
to
do
their
jobs
that
they
enjoy
a
very
specific
type
of
person
likes
to
be
infosec,
and
that's
really
the
problem
here.
I
So
we
can
do
contact
setting,
we
can
do
Solutions
available
and
that's
just
generally.
How
do
you
solve
these
problems
and
we
can
do
basic,
tooling,
that's
ready,
and
if
we
can
backlink
the
vulnerabilities
to
that,
then
anyone
would
be
able
to
extract
exactly
the
content
that
they
need
need
right,
we'll
build
a
database
that
says
we
understand.
Generally,
this
vulnerability
class,
the
tooling
and
the
context
and
the
solution
you
can
look
into
any
of
those
toolings.
I
H
E
E
Sure,
but
let
me
but
I
I,
don't
think
what
I'm
going
to
say
is
any
different
for
copilot
either.
If
the.
If
the
solution
is
read
copy,
you
know
go
to
the
solution
on
stack,
Overflow
or
copilot,
and
then
separately
do
some
research
to
see
if
it
suggested
a
good
answer.
E
Everybody's
gonna
do
step
one
and
never
step
two.
So.
E
But
the
problem
is
that
the
automated
tools
give
them
the
wrong
answers.
The
problem
here
and
the
solution
is
to
try
to
find
the
worst
strong
answers
and
get
and
stop
that
not
hey.
Here's
the
wrong
answer,
but
if
you
do
some
special
research
you'll
find
out
the
wrong
answer.
99
of
100
will
not
do
step
two.
They
have
working
code,
they're
already
moved
on.
C
E
That's
not
to
say
education
is
bad
education
good,
but
this
is
the
issue
of
they're
extracting
code
and
repeatedly
reinserting
it
because
they
they
keep
getting
the
wrong
answers.
I
Well,
I
think
you're
speaking
to
the
central
time
of
the
tentative
cyber
security
right,
it's
like
trust
but
verify,
and
how
do
we
provide
the
right
information
to
the
developer
to
actually
verify?
That's,
that's
something
that
we
really
should
be
thinking
about.
As
we
start
to
engineer
the
database
behind
that.
E
I
So
how
do
we
so
how
in
this
case,
how
do
you
visualize
the
end
outcome
of
an
integration
with
stack
Overflow,
because
I
would
I
would
literally
label
directly
under
a
known
vulnerability,
snippet
known
vulnerability
with
a
track
tagged
in
the
cve
and.
B
Yeah,
if
I
may
yeah,
if
I
may
I'm
sorry
to
interrupt
that,
I
think
this
is
an
excellent
conversation,
but
I
think
we're
starting
a
little
much
here.
Right
now
and
I
think
this.
This
definitely
be
a
topic
we
dive
much
deeper
into
in
the
future.
But
let
me
get
back
to
the
the
question
at
hand
here
as
far
as
how
to
handle
this
goal.
This
is
still
a
year
two
goal
and
it's
identified.
B
There
was
a
suggestion
to
keep
the
first
part
of
the
goal
in
this
group,
which
I've
got
highlighted
on
the
screen,
identify
areas
where
developers
are
copying
or
extracting
code.
Snippets
work
to
correct
the
most
widely
applied
vulnerable
Snippets
in
order
to
address
common
problems
and
challenges
such
as
those
found
on
stack
overflow.
D
B
Then
we
would,
we
would
take
the
second
part
of
this
and
and
move
it
to
a
more
appropriate
group.
E
E
I
subset
that
further
I
would
say,
identify
the
systems
where
developers
are
copying
or
extracting
the
insecure
code
from
and
then
stop
there
and
the
rest
of
that
is
execution.
So,
basically,
we
just
had
an
awesome
conversation
that
I
hadn't
thought
that
hard
about,
but
you're,
absolutely
right.
It's
more
than
stack
Overflow,
co-pilot's,
gonna,
I.
Think
Roar
right
in.
B
Yeah
and
and
your
your
point
was
right
on
data-
doesn't
bring
that
up,
because
I
think
the
work
to
correct
piece
of
this
we
needed
to
remove
so
the
current
proposal.
If
you
look
in
the
the
agenda
doc
you'll
see
it
first
part
will
keep
identify
the
systems
where
developers
are
copying
or
extracting
insecure
code.
Snippets
of
line.
That's
we'll
keep
that
here
in
our
group
and
then
the
remainder
of
it
has
been
Consolidated
into
provide
a
better
solution
for
correcting
code
Snippets
and
that
will
go
to
I,
guess
likely.
Group
two.
E
E
D
I
B
Yep,
that's
I
thought
I
grabbed
what
you
said
when
you
made
the
statement
so
hopefully
that
yeah
that
covers
what
you're
trying
to
say.
E
Yeah,
you
know
what
I
don't
I
hate
to
lose.
The
co-pilot
better
I
may
not
capitalized
that
correctly.
B
F
Now
that
we've
gone
through
and
kind
of
pruned
the
goals
a
little
bit
and
we'll
have
a
proposal
show
kind
of
a
final
proposal
to
everyone
later.
Does
anyone
have
any
initial
thoughts
of
other
areas?
We
gaps?
We
have
for
identifying
or
curating
content.
C
H
B
Everybody
there
was
one
point:
I
did
want
to
touch
on
before
we
racked
this
up,
so
I
will
go
through
and
start
making.
Some
changes
in
the
get
based
upon
we
talked
about
today.
I
will
have
a
conversation
with
my
my
good
friend
Glenn
about
all
the
cool
stuff
that
we're
offering
him
as
an
opportunity
to
look
at
his
group
I'm.
Expecting
me
to
get
some
stuff
back
from
the
other
groups
as
well,
which
is
absolutely
fine.
We
can
work
with
that
as
it
happens.
B
So
two
things
left
the
first
one
is
the
meeting
on
September
15th,
which
is
OSS
EU
week.
It
I
I.
Think
the
right
thing
to
do
is
probably
cancel
this
meeting,
but
I
wanted
to
pose
it
to
the
group
and
see
what
your
thoughts
were.
I
I
F
They
just
released
the
docket
of
speakers
for
openssf
day.
They
have
a
couple
sections
I,
don't
think
they've
defined
yet
like
breakout
sessions,
so
we
probably
could
petition
for
that.
Let's.
I
Excellent
cool,
let
me
know,
because
I
definitely
would
like
to
have
a
nice.
B
F
E
You're
likely
to
have
some
more
people
there,
though
Crow.
B
Be
great
I
think.
That's,
that's
absolutely
a
good
idea.
The
next
thing
I
wanted
to
touch
on
before
we
wrap
it
up
for
today
is
homework,
and
next
steps.
B
I
will
go
through
and
make
the
adjustments
in
the
the
get
based
on
our
feedback.
What
else
should
we
so
we're
gonna
have
four
week
stream
meetings?
What
what
other
tasks
do?
We
think
we're
ready
to
take
and
start
working
on
offline.
E
Dave
this
is
David
wheeler
I
mean
we've
got
that
Google
doc.
That
attempts
to
start
at
a
list
I
realize
it's
pretty
immature,
but
would
would
it
be
a
good
thing
to
convert
it
to
markdown
on
GitHub
and
then
start
trying
to
get
people
to
add
to
it
or
what's
the
goal
1-1.
B
I
we've
already
done
that
I
think
we're
talking
about
the
same
thing.
So,
oh
here's,
the
here's,
the
link
I'll,
throw
in
the
chat,
please,
where
the
heck
is
my
channel
I.
F
Yeah
we
converted
it
to
markdown
David,
so
we
can
once
let's
let
Mr
Russo
adjust
based
off
of
our
call
today,
but
then
afterwards,
we
are
free
to
start
submitting
PR's
for
adjustments.
E
Oh,
no,
that's
not.
The
document.
I
meant
I
meant
the
the
Google
Doc
that
tried
to
list
existing
materials.
Yeah.
I
C
E
E
C
H
E
H
E
And
I
I
did
I
did
Mark
that
when
I
commented
about
it
it
is
absolutely
rough
rough.
I
B
So
would
we
prefer
to
I
think
I
see
both
points
here
at
this
point
based
on
the
information
and
the
fact
that
it
is
a
brain
dump
in
the
Google
document
that
we're
talking
about
listing
the
educational
materials?
Would
we
prefer
to
continue
to
work
in
that
document?
For
the
moment
until
we've
got
the
majority
of
the
information,
then
convert
it
into
markdown
or
refer
to
convert
into
markdown
now
and
then
use
PRS
to
update
it.
Yeah.
I
B
H
For
collaboration
really
fast
brain
dump
stuff
and
we
can
review
together,
maybe
I
think
our
first
step
would
be
maybe
to
structure.
So
people
know
where
to
dump
different
types
of
information,
because
at
the
moment
there
is
no
structure
to
that
dock.
So
maybe
we
could
structure
into
what
we
decide
and
how
we're
going
to
collect
information.
So
if
it's
I
don't
know,
I
have
I
have
a
full
brain
dump
of
LinkedIn
stuff
there,
but
it's
covering
everything
in
one
area.
Maybe
you
know
we
could
have
areas
to
decide
to.
A
I
B
All
right
so
everyone's
homework
for
next
time.
Additionally,
aside
from
adding
PR's
to
the
goals
and
such
once,
I
get
them
updated,
can
you
use
the
Google
Doc
for
the
educational
materials?
Add
additional
materials
in
there?
If
you
have
ideas
on
how
to
organize
and
structure
those,
please
put
those
in
that
document
as
well,
and
we
will
review
that
the
next
time
we
meet.
D
Being
donated
to
the
foundation
right,
it's
it's
red
heart
or
Intel,
based
content,
which
is
linked
right.
Okay,.
B
All
right,
hey
thanks,
very
much
everyone.
This
was.
This
is
great,
glad
we're
finally
rolling
on
this.
If
anyone
needs
anything,
you
know
how
to
get
in
touch
with
chrome
or
myself
or
any
of
us
on
the
group.
The
emails
are
listed
in
your
your
sign-ins
have
a
good
rest
of
the
day.
Awesome
thank.