From YouTube: OSS-SIRT SIG - Part of BEST WG (August 31, 2022)
C
What's the bottom line say? Yeah, I appreciate that shirt.
A
Let's get rolling. I'm hoping Sal joins us, because I need to get an update on scheduling her subsection. So welcome, everybody, to the August 31st edition of the Education SIG. I posted a link to our meeting notes in the Zoom chat, if you could mark your attendance and note if you have any items you desire to talk about today. Do we have any new friends that are joining us for the first time that wanted to introduce themselves?
A
All right, so I've been a bad facilitator.
A
Bad Crow. I have not yet contacted the foundation folks because I've been waiting for a determination on our section three meeting time, so after this call I'm going to reach out to Sal. Unfortunately, the Doodle, because I'm just a participant, I can't see all the results, but I have a note queued up to the OpenSSF folks, Jennifer, Jory and Khalil, to see about getting our three meetings set up.
C
Things, yeah. I wrote for now is just use my personal programs also, so in the future I will swap it with the one from.
A
The foundation, awesome, that's excellent. Dave wants to use whatever tooling he has, or I can provide him a tool to facilitate the meeting tomorrow. And again, then I I need to have our friend Sal give us a report on what time the section 3 is going to meet, so I can get things rolling. Vicky.
C
Day week, five day weekend, three day week. Anyway, that aside, Dave, if you need, I also have a Zoom that I pay for, so I can float you a link if you don't have something, but I think everyone has access to something. So just in case, if you need it, pay me, happy to oblige.
A
I will send you a delightful video Pro chat program produced in Redmond, Washington. It'll be great, and we'll use that for the first call tomorrow. All right, we can focus in on our sections and start to make some progress on things, but I will today, I will be sending the the note over to the foundation. Regardless of, you know, the status I can get back from Sal, we'll just get the two officially on the OpenSSF calendar and hopefully start.
A
Again, as a reminder, everybody is welcome to attend these focus meetings, because we're not excluding anybody, we're just trying to focus, zero in on that particular topic, so we can make quicker progress. And ideally, once we get the things officially in the foundation Zoom, we will be able, you'll be able to view those recordings on YouTube, and we'll have reports back to the larger group.
A
As a side note, I talked to a college professor friend of mine this morning. He runs a program in Cleveland, Ohio, where he actually teaches purple team skills to his students, so he's an actual educator teaching cyber security, and I'm going to ask him, he's going to take a look at the initial plan that the foundation produced, as well as our refined plan, and give us some suggestions and comments from an educator perspective. And I'm hoping to lure him and his friends, other professors and whatnot, students, in to kind of participate more.
C
Yes, man, so just very very quickly, FYI, I was on a call yesterday for Open Forum Europe, which does a bunch of policy stuff across Europe for open source and all things open, also co-organized by the Atlantic Council, who does a bunch of policy stuff over here, and people were complaining that there's just not enough education for security out there.
C
The entire session yesterday was about open source supply chain security, and so I did tell them that this SIG exists, and I gave them information about how to find this. So maybe we can start getting some additional people.
C
So if we get new folks showing up from Europe and the like, because we're at definitely a European friendly time, it would be, you know, just FYI, that's where they're coming from. So hopefully, fingers crossed, we can get some of those people coming in to help us.
A
That's awesome, thank you for doing that. And in the future, if we need to have alternate time zone meetings, like if we need to have an immediate, focused call, this time's okay, but if we need to move it even further to try to get, you know, Central Europe, we can make adjustments. Same thing for APAC: if we have folks in APAC that are participating, we can kind of figure out a way to do time slot swapping.
A
If we, if we need to. Any questions or comments about our work going forward?
A
The next official meeting of the full SIG is going to be on September 7th. So, oh, that's next week, so you don't get any time off yet, but in the future you'll have time off.
A
All right, I had an open from a an another group that I moonlight with.
A
If you could draw your attention to issue a love issue, we have 11 issues so far, you can look at Issue 11 in our git repo, please. The vulnerability disclosure working group is creating a second vulnerability disclosure guide, and this one is focused on finders, so security researchers that are trying to report to open source projects. And throughout the course of our work we just, we determined we needed to have a dictionary, a glossary of terms that had kind of standard definitions.
A
When we say x we mean y. And while the the working group can put that information together, they felt that it was potentially better served to have a permanent home somewhere, and they suggested, Issue 11 here is, perhaps this group is interested. Since we're focused on education, perhaps we may be interested in taking ownership and crafting that glossary of terms for the whole foundation. And I can share with you the link to the document if you want to see what it looks like, and I will let Vicky ask her question while I do.
C
That, okay, there we go, unmuted. So this is actually something that I'm increasingly seeing is larger than just OpenSSF, and this question of terminology and trying to standardize terminology has come up in the meetings I've been in for CISA, for IET, IEEE, or is it IETF, whatever, their SCITT stuff, I'm sitting in on that, OFE yesterday.
C
It's it SPDX, it's coming up everywhere, just in the past couple of weeks, which I find to be really kind of moderately entertaining, that everyone is circling around the same question. So if we take this on, I think this is something we need to get a lot of exposure for right at the very start. But that aside, big plus one on taking it on, I'm just not entirely sure we'll have the cycles to do so.
A
Awesome. Emily.
D
There has actually, like, same thing that Vicky said, there's actually been a lot of discussion around this over the past couple years, particularly in CNCF and some of the papers that we've been writing. The problem was identified that there is a fundamental lack of clarity in some of the security oriented terminology, especially as it pertains to cloud supply chain and cloud native architectures and components, so I dropped the links to a few lexicons and glossaries that I'm aware of that some work has already been done.
D
I saw you posted the CVD guide for finders glossary, so I think we can core, we can pull all of the existing body of work together and just kind of make sure that there's no duplication as an initial first pass from a terminology perspective, but I imagine that there are other areas of work within the foundation that we may not be immediately mindful of that lack clarity there as well.
A
Is it, it's a much larger effort than one group, and since it seems, since, you know, we're the education people, I felt it might be, this might be a nice place for the home, it to be a home and house to coordinate and facilitate with other groups. And my desire is not to write our own definitions unless there's something super specific, like within vulnerability disclosure there's some super specific terms that apply only in that area. But as we get to things that are more broadly used, like maintainer, for example, I would like to refer to any canonical definitions that already exist in prior art, NIST, ISC squared, any of the other foundations or security focused organizations.
A
So we would be kind of cultivating and curating this list, and I I agree with Vicki's statement that it could be, it's going to be additional work. This is something that I'm willing to donate some time to. I'm pretty sure Mr Wheeler probably would like to donate some time, since he has some experience in terms and definitions.
A
So I think we, if we're, if the group, if this SIG is interested in taking this on, we can find some members that are willing to help facilitate and kind of pull together all the other sources and groups that need to be included. David, do you have something you want to say?
B
Yeah, real quick, plus one on the steal definitions from others. I think it's sorts, I think I think it's NIST that, but I think I've seen several places where definition and where you got it from, making sure you get the right, you know, citation, so absolutely.
A
Yeah, and as Emily notes in the chat, we have the ability to augment any existing definitions with the context with which we're speaking of open source security, open source supply chains, those types of things. So could I get a quick show of hands, either a thumbs up, plus one in the chat or minus one, or a check mark or X, kind of get a temperature from the team here, how we feel about potentially taking on this as an item of work for this group?
A
All right, so it looks like two, three, four, five, six, 8, 9, 10, 11, so 11 of us, I'll give a 12th a thumb. So it looks like this group is interested in taking on this work, and I will get something set up in our git repository as a start of an OpenSSF dictionary, so to speak, and then I'll figure out, I'll talk to the TAC first, and then I'll probably hit the Slack channels and all the different lists asking for participation in collaboration on this project. Emily.
D
Is there an expectation that this group will require, the deliverable of that glossary will require TAC finalization and approval and review post two-week public comment period?
A
No, the working groups and SIGs are empowered to kind of self-manage, so I would be informing the TAC we'd like to do this, we'll get their opinion. If it's a very negative opinion, I'll come back to the group and we can, you know, potentially regroup, but I don't anticipate there'll be a problem, and we are totally empowered to manage this as we see fit afterwards.
A
Now, if there's like funding requests, those types of things, we need to have more formalized process talking to the TAC and the governing board, but for something like this, where we're making an artifact and, you know, kind of kind of getting cross-group collaboration, we're totally empowered to manage that.
A
Pull this up, if anyone is interested in reviewing what the TAC is working on in this charter that Emily alluded to. So we are in the final steps of creating a 1.0 process for how the foundation's going to operate and kind of manage itself. Where'd 112 go?
A
So if anyone is interested in the business of the foundation and kind of see how we plan on operating in the future, please feel free, as this PR is open for public comment now. The whole foundation is welcome to take a look at it, give your thoughts and feedback. So this will be kind of the operating model of how the TAC and working groups and SIGs will be handled from now on, hopefully. So if you're, if you're curious and interested, take a peek at that.
A
Where was I? All right. Do we another, Kara.
E
Yeah, I actually, I just had a question on the, on this sort of, this taxonomy or this, this idea of getting some lexicon or glossary going. I'm just, I was looking at the links that people are dropping in the chat, and there are existing lists out there, and so I was wondering if we can clarify what is the problem that's causing, as Vicki was saying, you know, three or four different requests in different groups. Is the problem that there are too many
E
lexicons? Is the problem that they're not open source specific enough, or they're not defining, say, provenance as SLSA uses it? What's, what's the problem that we're trying to solve here? Otherwise, I'm afraid we'll just end up with another lexicon amid all the others that people won't know which one to reference.
A
I think the problem is twofold. First off, if you're looking at the purpose of the CVD guide for finders, we have a group of stakeholders we're interacting with, and we want to have precise definitions of, when we say this term, this is what we mean, so in the context of that group or body. And then secondly, as Vicki notes, within the ecosystem there seems to be a lot of confusion, a lot of need to have that standardization. So I I don't want to recreate the wheel wherever possible.
A
I would encourage us to reuse existing art and authoritative sources, but I know for the foundation, I think it's important that when the foundation uses X or Y term, that we have a a common frame of reference and meaning with which we're all referring to. We can publish this out into the world, and then again, it it doesn't, it's more of a federated model, that if the CNCF has an awesome definition that most people agree with, I'm going to cite that and refer to it.
E
Absolutely, yeah, and I see Emily saying also lack of discovery is a contributing factor, so that that makes a lot of sense. I don't know if anybody knows any taxonomers, they're they're great at this kind of thing.
E
I know one, I don't know if I can pull pull them in, but if anybody knows taxonomers that they could get to work on this, they they make this work go really fast.
A
Well, that's, we've already used four terms for the same thing: glossary, lexicon, dictionary and taxonomy. Exactly.
A
If not, I'll remind you that section one will be meeting tomorrow at 9 A.M. Eastern. We'll get a meeting invite out later today with a temporary placeholder and get that out to the mailing list, we'll post it in Slack as well, so that we can start that. And then later in the day, blend, section two will be meeting at 4:30 Eastern, which must be really late for you, man, that's a weird time, I'm sorry about that. Yeah.
D
So I will not be able to attend tomorrow's meeting. I'm sure there are lots of other folks that are interested in participating but will not be able to make the time for whatever reason. I, so my request is that individuals that are section leads, are participating, if they could post kind of like their progress, the next steps, in the corresponding cert, not search, education SIG channel. That way I can follow along and figure out where I can provide value and assist.
A
And in the future, once I get the foundation to give us stable Zoom calls, they will all be recorded, that people could review those, which, I actually had some random person contact me about a video. They had questions about something we talked about in one of the calls and across working groups. So that's pretty cool, it's nice to be, we're doing that, but I I can't guarantee that the first calls will be recorded.
A
But please, Dave and Glenn, take some notes, share with everybody in the Slack channel as appropriate, and then we will, we'll figure out a way to get something in our full SIG calls that we can have kind of regular status updates for.
A
Attend, and then I will work with Sal on getting section three set up and rolling with a meeting time. So, any additional questions or thoughts today?
A
So when are we doing that? Well, we will start our every other meetings next Thursday, Thursday, right, Wednesday, September 7th. That'll be the first full SIG call, and then that'll go every other week from that point forward.
A
It's strongly encouraged, unless, that's how I took it, yeah, it's just not a requirement.
A
If a group wants to meet, you may. Most of the leadership of the foundation will be occupied in Dublin, will be a Judy adjacent, and if there's any interest or availability to have physical meetings, if we wanted to get together, for example, if most of the section one people were going to be in Dublin, it'd be a great idea to sit down in a pub with a notebook and kind of collaborate together, might be a little faster that way. But there's no requirement, but across the foundation you're going to see a lot of working groups and SIGs pausing meetings that week.
A
Okay, thank you. You are welcome, sir. All right, if there are no other items to talk about, we will adjourn. I look forward to seeing everyone in the section calls and actually focusing and get sharpening our pencils and making the plan more re more real. So thanks all, we'll talk soon, enjoy your day, and enjoy your awesome time off, Vicky. That's, I wish I could have finagled that.
C
What's the bottom line say? Yeah, I, thanks, appreciate that shirt.
A
Let's get rolling. I'm hoping Sal joins us, because I need to get an update on scheduling her subsection. So welcome, everybody, to the August 31st edition of the Education SIG. I posted a link to our meeting notes in the Zoom chat, if you could mark your attendance and note if you have any items you desire to talk about today. Do we have any new friends that are joining us for the first time that wanted to introduce themselves?
A
All right, so I've been a bad facilitator.
A
Bad Crow. I have not yet contacted the foundation folks because I've been waiting for a determination on our section three meeting time, so after this call I'm going to reach out to Sal. Unfortunately, the Doodle, because I'm just a participant, I can't see all the results, but I have a note queued up to the OpenSSF folks, Jennifer, Jory and Khalil, to see about getting our three meetings set up.
C
Things, yeah. I wrote for now is just use my personal programs also, so in the future I will swap it with the one from the foundation.
A
Dave wants to use whatever tooling he has, or I can provide him a tool to facilitate the meeting tomorrow. And again, then I I need just to have our friend Sal give us a report on what time the section 3 is going to meet, so I can get things rolling. Vicky.
C
Day week, five day weekend, three day week. Anyway, that aside, Dave, if you need, I also have a Zoom that I pay for, so I can float you a link if you don't have something, but I think everyone has access to something. So just in case, if you need it, pay me, happy to oblige.
A
I will send you a delightful video Pro chat program produced in Redmond, Washington. It'll be great, and we'll use that for the first call tomorrow. All right, we can focus in on our sections and start to make some progress on things, but I will today, I will be sending the the note over to the foundation. Regardless of, you know, the status I can get back from Sal, we'll just get the two officially on the OpenSSF calendar and hopefully start to.
A
Again, as a reminder, everybody is welcome to attend these focus meetings, as we're not excluding anybody, we're just trying to focus, zero in on that particular topic, so we can make quicker progress. And ideally, once we get the things officially in the foundation Zoom, we will be able, you'll be able to view those recordings on YouTube, and we'll have reports back to the larger group.
A
As a side note, I talked to a college professor friend of mine this morning. He runs a program in Cleveland, Ohio, where he actually teaches purple team skills to his students, so he's an actual educator teaching cyber security, and I'm going to ask him, he's going to take a look at the initial plan that the foundation produced, as well as our refined plan, and give us some suggestions and comments from an educator perspective. And I'm hoping to lure him and his friends, other professors and whatnot, students, in to kind of participate more.
C
Yes, man, so just very very quickly, FYI, I was on a call yesterday for Open Forum Europe, which does a bunch of policy stuff across Europe for open source and all things open, also co-organized by the Atlantic Council, who does a bunch of policy stuff over here, and people were complaining that there's just not enough education for security out there.
C
The entire session yesterday was about open source supply chain security, and so I did tell them that this SIG exists, and I gave them information about how to find this. So maybe we can start getting some additional people.
C
So if we get new folks showing up from Europe and the like, because we're at definitely a European friendly time, it would be, you know, just FYI, that's where they're coming from. So hopefully, fingers crossed, we can get some of those people coming in to help us.
A
That's awesome, thank you for doing that. And in the future, if we need to have alternate time zone meetings, like if we need to have an immediate, focused call, this time's okay, but we, if we need to move it even further to try to get, you know, Central Europe, we can make adjustments. Same thing for APAC.
A
If we have folks in APAC that are interested participating, we can kind of figure out a way to do time slot swapping, if we, if we need to. Any questions or comments about our work going forward?
A
The next official meeting of the full SIG is going to be on September 7th. So, oh, that's next week, so you don't get any time off yet, but in the future you'll have time off.
A
All right, I had an open from a an another group that I moonlight with. If you could draw your attention to issue a love issue, we have 11 issues so far.
A
You can look at Issue 11 in our git repo, please. The vulnerability disclosure working group is creating a second vulnerability disclosure guide, and this one is focused on finders, so security researchers that are trying to report to open source projects. And throughout the course of our work we just, we determined we needed to have a dictionary, a glossary of terms that had kind of standard definitions.
A
When we say x we mean y. And while the the working group can put that information together, they felt that it was potentially better served to have a permanent home somewhere, and they suggested, Issue 11 here is, perhaps this group is interested. Since we're focused on education, perhaps we may be interested in taking ownership and crafting that glossary of terms for the whole foundation. And I can share with you the link to the document if you want to see what it looks like, and I will let Vicky ask her question while I do that.
C
Okay, there we go, unmuted. So this is actually something that I'm increasingly seeing is larger than just OpenSSF, and this question of terminology and trying to standardize terminology has come up in the meetings I've been in for CISA, for IET, IEEE, or is it IETF, whatever, their SCITT stuff, I'm sitting in on that, OFE yesterday.
C
It's it SPDX, it's coming up everywhere, just in the past couple of weeks, which I find to be really kind of moderately entertaining, that everyone is circling around the same question. So if we take this on, I think this is something we need to get a lot of exposure for right at the very start. But that aside, big plus one on taking it on, I'm just not entirely sure we'll have the cycles to do so.
A
Awesome. Emily.
D
There has actually, like, same thing that Vicky said, there's actually been a lot of discussion around this over the past couple years, particularly in CNCF and some of the papers that we've been writing. The problem was identified that there is a fundamental lack of clarity in some of the security oriented terminology, especially as it pertains to cloud supply chain and cloud native architectures and components, so I dropped the links to a few lexicons and glossaries that I'm aware of that some work has already been done.
D
I saw you posted the CVD guide for finders glossary, so I think we can core, we can pull all of the existing body of work together and just kind of make sure that there's no duplication as an initial first pass from a terminology perspective, but I imagine that there are other areas of work within the foundation that we may not be immediately mindful of that lack clarity there as well.
A
That that's an excellent idea and was initially part of my thoughts. Is it, it's a much larger effort than one group, and since it seems, since we're the education people, I felt it might be
A
This might be a nice place for the home, it to be a home and house to coordinate and facilitate with other groups. And my desire is not to write our own definitions unless there's something super specific, like within vulnerability disclosure there's some super specific terms that apply only in that area. But as we get to things that are more broadly used, like maintainer, for example, I would like to refer to any canonical definitions that already exist in prior art, NIST, ISC squared, any of the other foundations or security focused organizations.
A
So we would be kind of cultivating and curating this list, and I I agree with Vicki's statement that it could be, it's going to be additional work. This is something that I'm willing to donate some time to. I'm pretty sure Mr Wheeler probably would like to donate some time, since he has some experience in terms and definitions.
A
So I think we, if we're, if the group, if this SIG is interested in taking this on, we can find some members that are willing to help facilitate and kind of pull together all the other sources and groups that need to be included. David, do you have something you want to say?
B
Yeah, real quick, plus one on the steal definitions from others. I think it's sorts, I think I think it's NIST that, but I think I've seen several places where definition and where you got it from, making sure you get the right citation. So absolutely.
A
Yeah, and as Emily notes in the chat, we have the ability to augment any existing definitions with the context with which we're speaking of open source security, open source supply chains, those types of things. So could I get a quick show of hands, either a thumbs up, plus one in the chat or minus one, or a check mark or X, kind of get a temperature from the team here, how we feel about potentially taking on this as an item of work for this group?
A
All right, so it looks like two, three, four, five, six, 8, 9, 10, 11, so 11 of us, I'll give a 12th thumb. So it looks like this group is interested in taking on this work, and I will get something set up in our git repository as a start of an OpenSSF dictionary, so to speak, and then I'll figure out, I'll talk to the TAC first, and then I'll probably hit the Slack channels and all the different lists asking for participation in collaboration on this project. Emily.
D
Is there an expectation that this group will require, the deliverable of that glossary will require TAC finalization and approval and review post two-week public comment period?
A
No, the working groups and SIGs are empowered to kind of self-manage, so I would be informing the TAC we'd like to do this, we'll get their opinion. If it's a very negative opinion, I'll come back to the group and we can, you know, potentially regroup, but I don't anticipate there'll be a problem, and we are totally empowered to manage this as we see fit afterwards.
A
Now, if there's like funding requests, those types of things, we need to have more formalized process talking to the TAC and the governing board, but for something like this, where we're making an artifact and, you know, kind of kind of getting cross-group collaboration, we're totally empowered to manage that.
A
Pull this up, if anyone is interested in reviewing what the TAC is working on in this charter that Emily alluded to. So we are in the final steps of creating a 1.0 process for how the foundation is going to operate and kind of manage itself.
A
So if anyone is interested in the business of the foundation and kind of see how we plan on operating in the future, please feel free, as this PR is open for public comment now. The whole foundation is welcome to take a look at it, give your thoughts and feedback. So this will be kind of the operating model of how the TAC and working groups and SIGs will be handled from now on, hopefully. So if you're, if you're curious and interested, take a peek at that.
A
Where was I? All right. Do we another, Kara.
E
Yeah, I actually, I just had a question on the, on this sort of, this taxonomy or this, this idea of getting some lexicon or glossary going. I'm just, I was looking at the links that people are dropping in the chat, and there are existing lists out there, and so I was wondering if we can clarify what is the problem that's causing, as Vicki was saying, you know, three or four different requests and different groups. Is the problem that there are too many
E
lexicons? Is the problem that they're not open source specific enough, or they're not defining, say, provenance as SLSA uses it? What's, what's the problem that we're trying to solve here? Otherwise, I'm afraid we'll just end up with another lexicon amid all the others that people won't know which one to reference.
A
I think the problem is twofold. First off, if you're looking at the purpose of the CVD guide for finders, we have a group of stakeholders we're interacting with, and we want to have precise definitions of, when we say this term, this is what we mean, so in the context of that group or body. And then secondly, as Vicki notes, within the ecosystem there seems to be a lot of confusion, a lot of need to have that standardization. So I I don't want to recreate the wheel wherever possible.
A
I would encourage us to reuse existing art and authoritative sources, but I know for the foundation, I think it's important that when the foundation uses X or Y term, that we have a a common frame of reference and meaning with which we're all referring to. We can publish this out into the world, and then again, it doesn't need, it's more of a federated model, that if the CNCF has an awesome definition that most people agree with, I'm going to cite that and refer to it as, you know, our adopted definition. So, answer your question?
E
Absolutely, yeah, and I see Emily saying also lack of discovery is a contributing factor, so that that makes a lot of sense. I don't know if anybody knows any taxonomers, they're they're great at this kind of thing.
E
I know one, I don't know if I can pull pull them in, but if anybody knows taxonomers that they could get to work on this, they they make this work go really fast.
A
Well, and that's, we've already used four terms for the same thing: glossary, lexicon, dictionary and taxonomy. Exactly.
A
If not, I'll remind you that section one will be meeting tomorrow at 9 A.M. Eastern. We'll get a meeting invite out later today with a temporary placeholder and get that out to the mailing list, we'll post it in Slack as well, so that we can start that. And then later in the day, blend, section two will be meeting at 4:30 Eastern, which must be really late for you, man, that's a weird time, I'm sorry about that. Yeah.
D
So I will not be able to attend tomorrow's meeting. I'm sure there are lots of other folks that are interested in participating but will not be able to make the time for whatever reason. I, so my request is that individuals that are section leads, are participating, if they could post kind of like their progress, the next steps, in the corresponding cert, not search, education SIG channel. That way I can follow along and figure out where I can provide value and assist.
A
And in the future, once I get the foundation to give us stable Zoom calls, they will all be recorded, that people could review those, which, I actually had some random person contact me about a video. They had questions about something we talked about in one of the calls and across the working groups. So that's pretty cool, it's nice to be, we're doing that, but I I can't guarantee that the first calls will be recorded.
A
But please, Dave and Glenn, take some notes, share with everybody in the Slack channel as appropriate, and then we will figure out a way to get something in our full SIG calls that we can have kind of regular status updates for.
A
Can't attend, and then I will work with Sal on getting section three set up and rolling with a meeting time. So, any additional questions or thoughts today?
C
Just one more. I think there's this meeting now, it's every week, I think we had the idea to change the frequency. So when are we doing, yeah.
A
Well, we will start our every other meetings next Thursday, Thursday, right.
A
If a group wants to meet, you may. Most of the leadership of the foundation will be occupied in Dublin, will be a Judy adjacent, and if there's any interest or availability to have physical meetings, if we wanted to get together, for example, if most of the section one people were going to be in Dublin, it'd be a great idea to sit down in a pub with a notebook and kind of collaborate together, might be a little faster that way. But there's no requirement, but across the foundation you're going to see a lot of working groups and SIGs pausing meetings that week.
A
Okay, thank you. You are welcome, sir. All right, if there are no other items to talk about, we will adjourn. I look forward to seeing everyone in the section calls and actually focusing and get sharpening our pencils and making the plan more re more real. So thanks all, we'll talk soon, enjoy your day, and enjoy your awesome time off, Vicky. That's, I wish I could have finagled that.