►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
A
Well,
welcome
everybody
thanks
for
being
here
just
as
a
first
one.
This
will
be
the
last
time
it
will
be
at
this
time.
I
saw
actually
the.
B
A
Proposed
turn
wasn't
accepted
and
just
yet
in
the
calendar.
So
that's
why
we
actually
are
meeting
now
at
this
time,
but
we
spoke
to
the
support
of
the
manager
of
the
calendar
and
he
will
swap
it
to
the
new
proposed
findings.
A
So
this
let
you
know
that
there
will
be.
It
will
be
earlier
instead
of
at
the
current
time,
we're
doing
other
than
that.
Please
also
add
your
attendings
in
the
meeting
notes
of
the
agenda
of
the
drive
link.
I
just
sent
you
well,
maybe
a
very
quick
tour.
Do
we
have
some
new
friends
that
want
to
introduce
himself
quickly.
C
We
actually
have
a
couple
of
people
from
my
team
at
sonotype
on
so
there's
Aaron
and
Hernan
they're,
both
on
the
devrel
team
with
me,
and
they
are
both
much
better
than
I
am
at
writing
and
delivering
content.
So
I
said
you
should
probably
join
in
and
help
all.
A
Yeah
and
I
I
think
there's
also
something
before
we
actually
go
and
kick
into
the
the
agenda
items
I
mean
we
have
the
SKF
updates
that
we
can
add.
If
you
have
more
agenda
items
next
to
the
key
Milestones
that
we're
going
to
discuss
as
well.
Please
add
them
to
the
meeting
notes,
but
I
think
what's
also
important
to
discuss
actually
the
sick
one,
the
stream
one.
A
That
was
also
happening
today
because,
as
you
know,
we
are
very
dependent
on
also
well
what
type
of
materials
they
gathered,
the
Gap
analysis,
Etc,
so
I
don't
know
it's
there's
somebody
here
available
that
can
give.
B
D
C
Yeah,
so
what
we're
really
still
working
through
and
sort
of
is
our
highest
sort
of
contingency
from
that
group?
Is
this
one
spreadsheet
that
we
need
to
consolidate
all
known
resources
around,
so
we're
gonna
have
a
meeting
on
that
early
next
week
and
try
to
have
that
delivered
in
some
consumable
format
by
Wednesday?
C
So
that's
really
our
current
sort
of
action
of
blocking
point
at
that
in
that
group,
but
coming
out
of
that,
what
I
would
like
to
do
is
in
getting
that
work.
Consolidated,
they've,
already
labeled
it
by
content
type.
So
group
one
is
very
much
sort
of
like
the
Librarians,
the
content,
curation
they've
labeled
it
by
the
type
of
learning
that
they're
aware
of.
C
So
I
guess
my
ask
will
be
coming
out
of
early
next
week
when
we
get
this
set
of
resources.
Consolidated,
let's
have
a
column
where
we
add
in
yes,
everything
that
we
know
exists,
but
also
just
like
leave
a
label
in
there.
That
says
like
if
we
don't
find
anything
that
covers
a
topic
that
starts
to
get
us
to
that
Gap
coverage.
But
it's
a
long-winded
way
of
saying
I'll
have
something
in
the
slack
next
week
for
you
all
to
look
at
from
them.
A
B
A
Just
pulled
in
the
the
XL
indeed
again
and
yeah
what
I?
What
I
also
noticed
is
that,
for
example,
the
content
teams-
it's
still
I,
say
it
still
has
a
lot
of
overlap
of
the
different
items
right,
but,
for
example,
well,
we
talked
also
in
in
some
previous
meetings
about
iot
security
that
is
not
in
there
as
a
as
a
team
or
end
user,
security
or
I.
Don't
know
online
security,
Docker
security
stuff
like
that
right.
C
B
A
Well,
yeah.
We
are
also
in
our
key
deliverables
still
looking
for.
You
know
how
it
actually
yeah
how
much
the
work
is
right
and,
depending
on
what
type
of
curriculum
we're
going
to
choose,
we
can
actually
make
a
proper
estimate,
instead
of
maybe
over
asking
or
well
worst
case
in
rasking
yeah.
We
we
might
really
be
in
trouble,
then
right.
C
Yeah
so
two
issues
broadly
and
I,
say
this
is
love,
but
the
the
first
part
of
this
plan.
It's
run
by
a
group
of
people
who
are
familiar
with
cyber
security
education,
but
not
with
the
practice,
especially
like
the
practice
that's
developed
in
the
last
two
three
years.
It's
a
very
different
cyber
security.
C
So
what
I've
put
in
the
comments
here
in
section
three
I
want
us
to
be
rewarding
and
incentivizing
along
these
sort
of
three
prioritized
in
time
pillars.
So
like
supply
chain,
Cloud
security
data
security,
app
security
would
be
our
first
focuses
so
I'd
like
us
to
label
up
front
and
sort
of
have
the
two
eight
labels.
What
they've
done
in
the
educational
part
is
label
it
by
what
they're
familiar
with,
which
is
Audience
by
education
level.
C
We
need
to
go
back
through
and
I
would
propose
tag
the
resources
that
are
relevant
for
these
cyber
security
Stacks
that
we
want
to
focus
in
and
the
ones
that
we
have
the
most
resources
for.
We
can
put
up
front
I've
just
put
this
list
of
priority
based
on
what
I
think
it
were
likely
to
have
some
of
the
most
and
least
resourcing
around
so.
B
A
That
is
at
least
more
concrete
and
and
carving
it
out
where
we
need
to
focus.
So
that's
already
good
direction.
F
Spreadsheet
it
has
been
and
is
open
for
comments,
suggestions
and
changes.
If
this
group
doesn't
feel
the
current
spreadsheet
meets
the
need,
please
express
that
we've.
This
has
been
available
for
three
weeks.
There
has
been
very
minimal
contribution.
You
know,
Glenn
put
in
the
asbs
stuff
and
Sal
has
talked
about
these
kind
of
cyber
security
Matrix
prioritizations,
but
there
has
been
next
to
zero
other
contributions.
F
F
F
We
are
going
to
have
that
meeting
as
Sal
mentioned,
so
once
we
try
to
get
alignment
on
the
columns
and
the
categorization
and
the
terminology,
then
we're
going
to
go
through
and
cram
everything
in
there
and
then
the
next
step
will
be
the
assessment.
The
assessment
of
that
list,
which
we
will
also
need
assistance
on.
A
Yeah
all
right
good
points,
yeah
indeed,
I
I
added
the
asgs
in
the
testing
guide
to
it,
because
yeah,
like
I,
said
it's
very
clear
goal
where
a
security
developer
or
a
pen,
tester
network
security,
Etc
I,
think
you
know.
If
we
really
want
to
have
something
good.
A
We
should
focus,
in
my
opinion
that
that's
well
in
my
vision
where
the
world
now
is
Burning
we're
building
a
lot
of
web
applications
apis,
so
I
think
there
we
can
add
the
most
value,
in
short
terms,
because
there's
already
such
you
know,.
F
A
I
see
somebody
else
Eric,
you
have
also
your
handle.
Please
go
first.
G
Yeah
so
yeah
I
was
on
vacation
and
then
I
had
to
go
to
an
off
site.
I
missed
that
I
was
scrolling
through
the
the
agenda,
notes
and
I'm,
not
seeing
a
link
to
the
spreadsheet.
A
Yeah,
it
is
for
the
other
stream
for
stream,
one
of
the
shift,
but
well
it's
all
price
very
together
right.
So
that's
why
we're
actually
discussing
that
one
as
well.
I
posted
a
link,
oh
yeah,.
A
It's
still
that
one.
So
that's.
Why
see
Rob's
remark
like
hey,
it
still
looks
a
bit
the
same
as
three
weeks
before
yeah
yeah.
C
So
so
early
next
week,
we
need
to
go
through
it
and
I.
Think
with
that,
my
goal
is
going
to
be
to
tag
the
resources
with.
If,
if
this
sounds
good
to,
everyone
propose
them
with
these
proposed
cyber
security,
Matrix
focuses,
which
then
I
think
will
give
us
a
really
nice
way
to
say
this
is
the
coverage
that
we
know
we
have
as
it
applies
to
known,
employable
security
profiles
that
I
definitely
need
in
order
to
build
a
cogent
model
for
resourcing
for
jobs.
C
So
I
think
with
that,
and
my
intention
is
to
hand
off
this
spreadsheet
with
two
small
paragraphs.
The
first
is
going
to
be
where
we
got
these
resources
and
from
whom
we
can
contact
to
ensure
their
longevity
and
number
two
exactly
what
the
identifying
indexes
are
for
these.
C
So
we
should
have
the
audience
type
already
tagged,
and
this
has
been
done
by
most
of
the
people
that
provided
the
resources
and
by
the
employable
audience
that
it's
intended
for,
and
that
puts
us
in
a
super
good
spot,
I
think
to
have
a
matrix
of
what
we
want
and
what
we
don't
have
I.
Think.
F
C
F
I'm
speaking
about
column
e
on
the
spreadsheet
like,
if
we
have
nulled
that
and
either
merged
your
suggestion
with
asvs
or
we
added
to
additional
columns
so
that,
as
we
are
flagging,
there's
this
webinar
on
kubernetes
from
this
source-
and
it
also
applies
to
this
asvs
topic
as
well
as
Sal's
Matrix.
Would
that
be
kind
of
extending
the
number
of
columns
or
are
we
able
to
adjust
the
a
column
adjust
one
column,
not
ate
the
a
column.
A
Idea
but,
okay,
so
sorry
that
we're
digesting
very
much
on
the
the
other,
the
stream
one
but
yeah.
We
in
my
opinion
we
have
to
because
it's
really
very
closely
together
also
with
with
our
objectives
but,
for
example,
review
existing
education
materials
for
Gap
and
opportunities.
That's
the
one
one!
It's
further
down
the
line,
I
see
also
I,
have
defined
training,
areas
of
focus,
and
there
indeed
you
have
the
mobile
of
well
the
cicd
and
all
that
good
stuff
right.
A
So
I
would
actually
want
to
ask
and
well
maybe
we
need
to
do
an
official
vote
also
in
stream.
One
as
we
have
a
mixed
group
here,
but
could
we
say
that
for
the
one
but
one
goal
we
first
focus
on
web
API
and
secure
development
and
the
abstract
offensive
security
and
and
make
that
our
first
year
goal.
So
we
have
more
time
to
actually
have
to
go
1.4
and
do
that
deep
dive,
because
I
feel
there
the
material
is
way
more
thinner
spread.
A
So
it
will
be
harder
and
takes
more
time
to
give
you
Gap
analysis
and
now
to
really
move
forward
and
and
we'll
have
something
December
right.
That
we
can
present
with
the
projects
and
figures
I
I
feel
like.
Maybe
we
should
first
Focus
really
on
on
the
two
profiles,
the
the
abstract,
the
offensive
and
on
the
yeah,
the
developers
to
make
them
secure
coding
and
that
good
stuff.
We.
C
F
I
I
love
the
idea
of
having
the
learning
paths,
but
we
are
re-litigating
the
the
words
that
we
already
have
written
down.
So
we
should
decide
upon
how
we
would
wish
to
frame.
That
is
that
a
profile
is
that
a
target
audience?
Is
it
a
Persona?
Is
it
a
learning
path?
So,
let's
figure
out
a
term
and
then
we
can
hammer
out
at
using
the
existing
data
we
have
so
potentially
what
you're
talking
about
is
target
audience,
for
example,
Randall
yeah.
That
could
be
the
learning
path.
It.
E
E
Being
said
just
so,
you
know
so
in
the
in
the
reorganization
that
we're
doing
of
SKF,
basically
like
everything,
is
getting
moved
to
k-native
I
know
it's
a
little
bit
of
a
mute
point,
but
just
so
you
kind
of
it
should
be
fairly
organized.
It
should
be
fairly
easy
to
contribute
to
is
what
I'm
getting
in.
B
A
All
right,
maybe
objectives
to
to
this,
to
this,
covering
of
what
I
suggested
to
do
Speak
now
or.
E
A
A
The
the
agile
way
put
it
a
nice
MPP
out
there
would,
like,
let's
see
Rob
says,
will
be
100
no,
but
you
know
from
there
we
iterate
we
improve
and
we
go
on
so
I
rather
want
to
take
yeah
that
type
of
approach,
then
yeah
talking
for
a
year
or
two
and
then
still
yeah
not
able
to
educate,
and
then
you
know,
give
people
the
opportunity
to
learn
so
yeah
Fair.
A
No,
so
if,
if
we
as
a
group,
you
know,
at
least
in
this
stream
can
decide
like
okay,
we
should
focus
on
those
type
of
personas
or
profiles
and
personas.
Then
at
least
we
can
now
actually
go
think
about
the
the
the
key
deliverables
of
our
own
and
yeah.
How
much
work
that
would
involve
in
into
covering
those
things
right,
I
think
Randall.
You
said
it
before,
and
probably
in
one
of
the
other
meetings.
A
C
So
I'm
gonna!
So
as
we
go
through
this
thing
through
the
next
week,
I
am
going
to
leave
in
professional
Persona,
because
I
think
that
this
leaves
us
a
really
nice
triptych
index.
So
the
content
type
is
going
to
tell
us
like
sort
of
that.
Well,
not
the
content
type,
the
which
one
is
it
the
one
that
tells
us
the
content
theme?
Sorry.
C
So
if
we
have
the
content
theme,
the
stack
and
the
language
and
the
professional
Persona,
that's
going
to
allow
us
to
be
able
to
query
the
language
in
two
ways
which
we
would
be
important
to
me
as
an
end
user,
because
I'm
either
going
to
want
to
have
a
deep
stack
knowledge
or
I'm
going
to
want
to
have.
You
know,
I
want
to
be
a
really
really
good
pen
tester
in
two
to
three
different,
like
common
micro,
like
architecture,
language,
combinations
right
and
if
I
have
as
long
as
it's
all
I'm.
C
And
so
then
we
can
build
Awards
around
both
a
specific
type
of
training
and
we
can
do
them
around
an
entire
stack
for
a
specific
language
and
we
can
do
them
around
professional
personas
and
all
three
of
those
would
be
interesting
to
incentivize.
So
let's
I
think
if
y'all
are
okay
with
that
I'm
going
to
leave
professional
Persona
in
here,
and
then
we
can
use
that
as
a
really
nice
way
to
do
enablement.
For
this
part,
two
for
mobilization,
because
our
first
priority
is
going
to
be
appsec.
A
A
Now
maybe
another
thing
that
we
also
sort
of
discussed
a
couple
of
times,
but
how
and
and
what
should
the
material
actually
be
I
mean
you
have
the
security
notes
framework
as
a
platform?
We
thought
Randall
a
couple
of
weeks
ago
with
David
wheeler
as
well,
and
we
don't
want
to
well
have
like
different
sources
from
different
locations
that
we
have
to
update
and
maintain.
A
A
I
mean
one
of
the
wishes.
For
example,
David
was
that
yeah?
It
would
be
nice
as
well
that,
for
example,
I
think
Randall.
You
also
spoke
with
him
about
it.
Yeah
I
made
the
question
yeah
that
there
is
a
way
to,
for
example,
other
platforms
to
also
be
able
to
use
the
training
material
that
we
created,
and
we
could
facilitate
that,
for
example,
using
SPF
and
F
I,
don't
know
specific
API
endpoints,
where
they
can.
You
know
pull
that
data
out
as
well,
but
I
just
wanted
to
double
check
here
as
well.
F
This
group
should
put
forth
their
vision
of
what
they
would
like
to
see
and
when
the
sponsors
review
the
plan,
they
are
free
to
have
objections
or
request
changes,
but
be
opinionated
with
where
you
think
it
should
be
flexible.
So
we
can
account
for
other
tools
or
perspectives
or
platforms,
but
if
we
think
SKF
should
be
the
repo
say,
SKF
is
going
to
be
our
repo.
F
A
So
I
just
want
to
you
know,
make
sure
that
indeed
we're
on
the
same
page
in
in
that,
because
yeah
I
do
think
and
I
do
believe.
A
A
security
mobile
tracker
would
be
a
nice
place,
as
in
the
the
track
record
that
we
have
and
also
yeah,
and
in
the
past
yeah
year
we
had
like
I,
don't
know
like
100
000
pools
from
the
docker,
herp
and
stuff
like
that,
but
yeah
I
I
also
fear
that
if
somebody
else
will
do
it,
they
will
probably
be
pretty
overwhelmed
yeah
with
how
much
work
it
is
and
yeah.
F
And
my
personal
opinion
is
my
experience:
working
with
developers
is
historically,
they
learn
better
by
doing
and
SKF
is
a
doing
platform
as
opposed
to
having
somebody
talk
at
you
in
a
lecture,
so
I
think
if
we
made
that
kind
of
our
Hub
and
then
we
account
for
other
learning
methods.
You.
B
F
Visual
and
lecture
type
people
or
people
don't
like
looking
at
pictures,
I
think
that'll
be
good
as
we
kind
of
use
SKF
as
our
home
base
and
Branch
out
from
there.
So
I
I
endorse
that
course
of
action.
C
C
One
and
just
pen
note
it
from
the
end,
but
there's
probably
going
to
be
a
project
manager
on
all
three
parts
of
this,
but
I,
don't
know
anything
more
but,
more
importantly,
I
think,
as
we
were
discussing
like
the
need
to
have
what
they're
calling
a
central
library,
but
to
get
a
little
philosophical
here,
the
idea
of
a
library
doesn't
transpose
to
open
source
because
open
source,
our
resources
and
specifically
in
cyber
security,
have
to
be
updated.
C
So
what
we
need
is
from
anyone
that
we're
getting
these
resources
from
some
commitment.
They
will
that
they
will
update
these
when
they
should
be
so.
The
end
point
I,
don't
care
if
it's
an
API
I,
don't
care
if
we
actually
store
it,
and
we
set
enough
money
aside
to
have
a
database
that
can
store
these,
but
I
would
also
like
to
make
sure-
and
it's
in
a
little
bit
in
the
budget
but
I'd
like
to
clarify
that
we
set
something
aside
to
create
cyber
security.
C
A
So
that's
why
we
have
this
whole
safe
environment
actually
right
to
do
it
and-
and
we
already
have
those
capabilities
currently
in
the
in
SKF
yeah
zero.
Your
remark
was
sorry.
F
A
All
right,
that
is
a
good
well,
at
least
you
know
what
we
did
discuss
is
well
where
we
can
we're
going
to
use
and
and
work
upon
other
projects
that
are
out
there,
and
we
also
discussed
in
our
what
we
will
do
and
what
is
included
in
terms
of
scope
and
the
overall
state
that
yeah
we're
going
also
to
work
with
other
open
source
projects.
A
So
that
means
yeah,
probably
some
of
the
people
or
yeah
that
we
hire
me
or
whatever
that
are
going
to
work
with
them
and
say:
hey,
look.
We
miss
actually
these
type
of
Topics
in
your
project.
Can
we
add
them?
Can
we
make
full
regress
to
improve
that?
Then
we
updated
at
the
source
and
that
Source
we
done
Apple
like
cell
you're,
seeing
as
a
library
type
of
thing
inside
SKF,
where
we
then
can
push
the
new
information,
the
updated,
the
information
to
the
other
people
and
our
Learners.
A
So
yeah
we
have
more
projects
actually
benefiting
right
from
the
work
we're
doing
them.
So
that
was
indeed
well
my
conception
concept
of
it,
but
it.
F
C
Yeah
materials,
concurrent
I,
was
just
writing
a
note
on
that
number
one.
An
idea
that
I,
like
is
educational
micro,
grants
for
open
source
projects,
getting
them
engaged
at
that
level
and
what's
important
to
them.
C
That
would
be
cool
and
it's
always
better
documentation
and
then
I
think
there's
something
coming
together
for,
like
maybe
using
mlh
as
a
way
to
make
sure
like
they
can
handle
the
relationship
between
partners
like
corporate
Partnerships
and
educational
curriculum
and
getting
that
embedded
into
open
source,
and
that's
really
our
Missing
Link,
but
I
still
think
we
might
need
to
have
like
how
do
we
incentivize
the
maintenance
of
that
education?
That's
the
one
thing
that
I've
seen
is
usually
like
a
one-time
engagement
of
curriculum
and
that
erodes
in
security.
C
B
A
All
right,
yeah,
fizzy.
H
H
Right,
fantastic
yeah,
no
I
do
apologize
about
my
time
keeping
case.
There's
just
been
a
shocking
yesterday.
I
was
just
wanting
to
pick
up
on
the
back
of
sales,
pointing
there
about
the
continuance,
maintenance
and
upkeep
of
the
material
and
the
curriculum.
H
The
more
we
discuss,
SKF
like
with
Randall
and
I.
It
generally
feels
like
as
a
content,
is
all
is
a
permanent
position
of
many
people
to
contain
and
maintain
is
one
of
those
long-term
Endeavors
that
should
not
be
seen
lightly
and
I
just
want
to
just
follow
up
on
that
case
about
what
Sal
would
say.
H
I
totally
agrees
feel
hardly
that
in
order
not
to
erode
the
value
of
the
the
project
in
the
long
term,
fair
enough
I
may
have
a
good
short
term
scope
and
you
know
Direction
and
intentions,
but
it's
all
about
longevity
and
endurance
and
that's
my
opinion
and
yeah.
So
it
needs
to
be
considered
to
be
a
long-term
project
in
that
scope.
H
F
Thank
you
and
we
have
the
option
that,
if
we
feel
it,
it
belongs
in
this
section
that
we're
going
to
create
content,
and
there
needs
to
be
some
routine
maintenance
and
upkeep
of
it.
Let
us
create
positions
for
full-time
people
or
some
way
to
issue
the
micro
grants
or
scholarships
or
whatever
Technique.
We
want
you
to
make
sure
that
that
function
continues
going
forward
for
that
maintenance.
C
E
A
Very
awesome
thanks
for
that
and
glad
to
to
see
you
guys
here
so
really
appreciate
that,
but
yeah
that
also
triggered
me
actually,
because
you
know
we
we
do
want
to
have
the
platform
always
available
right
and
yeah.
Now
it's
a
really.
Actually
it's
really
the
operational
patching
deploying
itself
yeah.
That's
not
very
good,
because
you
know,
if
I
step
under
a
bus,
then
we
have
an
issue
not
that
I'm
planning
to
step
under
a
bus
now
indeed
but
yeah.
A
That's
that's
not
good,
and
you
know
also
I
always
want
to
have
like
a
professional
Excellence
rights
and
should
always
be
up
and
running
as
as
far
as
I
can
manage
it
in
my
free
time,
but
indeed
now,
for
example,
we're
also
very
well
grateful
for
Microsoft
that
that
using
their
open
source,
free
credit,
spins
and
every
time,
I
request
it
again,
I
get
it
and
we're
able
to
run
you
know
in
their
queue.
A
We
need
to
stack
the
whole
platform,
but
if
yeah
I
don't
know
next
month
or
whatever
they
decide
well,
you
don't
qualify
anymore
or
whatever
reason
yeah.
Then
we
also
have
a
bit
of
an
issue
because
then
we
don't
actually
have
well
funds
to
to
keep
the
whole
platform
running.
So
now,
I
was
reading
over
our
own
goals
and
also
a
bit
on
the
stream
one,
but
I
I,
yeah
I,
don't
see
any
of
those
asks
and
and
key
Milestones,
like
maintenance,
I.
F
I
wouldn't
be
afraid
of
that
happening
Glenn.
But
yes,
let
us
make
that
an
explicit
part
of
the
plan
is
annual
maintenance
and
upkeep
of
the
system
to
guarantee
but
yeah
it
I,
don't
I,
don't
think
Microsoft's
gonna
pull
away
from
their
support
of
the
foundation.
A
Yeah
now
indeed,
but
yeah.
A
C
Yeah
and
the
other
thing
I
think
we
need
to
make
explicit,
is
making
sure
I
think
we
have
it,
but
like
we
have
about
a
hundred
K
set
aside
for
basically
what
I
would
call
compute
power
or
being
able
to
create
little
virtual
environments
and
I
think
we
need
to
put
like
an
actual
estimate
around
how
many
of
those
Services
we
could
be
providing
in
a
year.
I.
E
F
E
B
F
We
can
figure
that
out,
so
we
can
approach
the
WASP
people
and
say
this.
You
know
we're
interested
in
making
this
officially
in
a
joint
project
or
joint
funding,
but
Oasis
they
are
members.
I,
don't
remember,
call
I,
they
might
be
like
the
middle
tier
I,
don't
know
if
they're
premium
but
I
believe
they're
in
the
the
middle
swath.
C
F
It's
tangential,
but
one
of
the
goals
of
the
tack
as
we're
trying
to
reposition
our
relationship
with
the
governing
board
is
we
want
to
expand
and
more
formalize
our
relationship
with
other
foundations,
so
this
potentially
could
be
an
opportunity
to
put
in
initiatives
like
that
saying
we,
you
know
we're
very
interested
in
diversity
inequality.
So
we
would
like
to
you
know,
have
some
collaboration
together
on
this
and
we're
interested
like
shared
projects
like
SKF,
so
yeah
I
think
there's
a
lot
of
opportunity
with
you
know
them
cncf
and
other
other
groups.
Yeah.
D
A
And
well
I
hope.
Everybody
knows,
of
course
right.
So
the
security
knowledge
framework
is
a
flagship
project
already
at
OS.
For
quite
some
time.
We
build
SKF
yeah
like
seven
years
ago.
Then
we
made
it
open
source
because
that
we
thought
everybody
should
be
able
to
to
have
education
and
to
be
able
to
do
security
in
the
right
way.
A
Then
we
actually
met
one
of
the
board
members
jimeneco.
He
introduced
us
to
all
of
us
and
then
we
said:
hey
we're
gonna
partner
with
them,
because
yeah
we're
sharing
the
same
mission
and
vision
and
actually
that's
also
How
We,
join
the
ossf
and
now
open
ssf,
actually
right
because
yeah
we
really
aligned
in
what
we're
gonna
achieve,
and
oh
yeah,
the
other
disclaimer
that
I
wanted
to
say
so
I'm
also
currently
one
of
the
global
board
of
directors
at
at
Olas.
A
A
Yeah
because
yeah
we
know
of
each
other
and
we
well
the
mission
innovision
is
the
same
right,
improve
the
abstract
industry.
The
only
thing
of
ovasp
is
what
is
different
is
that
we
try
to
be
vendor
neutral
right.
That's
the
the
statement
you
want
to
be
vendor
neutral,
which
is
an
openness.
If
not,
we
also
help
vendors
right
in
writing.
A
Write-Ups
or
you
know,
blog
posts
or
so
I
think
that's
the
only
difference
actually
but
other
than
that.
We
have
the
same
vision
and
helping
and
improving
abstract
right.
So
so
I
I,
don't
see
any
issue
there,
but
yeah
I
will
definitely
bring
it
up
as
well
there
and
get
feedback
and
discuss
it.
Maybe
I
can
do
it
in
the
global,
safe
Meetup
that
we
have
and
then
yeah
we'll
report
back
so
to
say:
let's
see
how
much
time
do
we
have
left,
we
have
15
minutes.
A
Maybe
it's
good
I
know
we
have
a
couple
of
to
Do's
open,
probably
the
people
who
had
to
do
snack
know
they
have
to
do
it.
Are
there
any
updates
that
you
want
to
share
with
the
group.
E
D
E
E
Not
like
it's
not
like
Anthony
and
I
whip
this
together
in
24
hours
or
anything
here,
I'll
send
it
to
the
slack
there.
That's
that's
what
it
looks
like
thus
far.
C
F
Not
about
this
one
but
about
from
the
working
groups
and
two
cigs.
F
F
C
Yeah
not
to
put
cyber
security
against
each
other,
but
we
did
just
talk
a
lot
about
oasp
and
I
just
want
to
say
this:
I
have
gotten
them
to
invest
in
yo-yos
and
I.
Just
think.
Once
we
have
logos
for
all
these
new
things,
there
should
be
put.
F
D
E
C
A
Yeah,
so
it
was
indeed
the
discussion
of
the
super.
Huge
markdown
fall,
yes
or
no
splitting
it
up
into
sections.
A
We
also
thought
of
what
would
be
nice
that
you
have,
for
example,
or
a
button
where
you
can
automatically
make
a
PR,
for
example,
when
you
miss
one
of
their
your
home
things
there,
so
they
can
do
it
from
the
website.
They
don't
have
to
go
together
or
whatever
just
click
fill
in
submit,
and
then
we
get
a
PR
in
the
back
end
for
to
review
and
then
to
add
to
it
so
yeah,
it
looks
very
cool,
guys
very
nicely.
A
good
start.
I
would
say
yes
Anthony,
yes,.
B
Yeah
right
now,
it's
like
MVP
right,
as
you
see,
I
mean
where
any
feedback
is
welcome
and
yeah.
We
are
eventually
thinking
of
adding
what
What
Glenn
said
like
a
forum,
some
people
can't
just
direct
it
through
the
website
at
the
pr
but
you're,
not
just
figuring
that
out
and
yeah
I
don't
know
again.
Any
feedback
is
welcome,
so
yeah.
E
Just
just
to
be
clear,
we're
going
to
be
adding
all
definitions
in
here
regardless
because
there's
going
to
be
one
thing
we
talked
about
was
like.
There
are
multiple
definitions
for
the
same
thing
and
we
don't
want
to
like
edit
those
or
anything
so
we're
just
going
to
throw
them
all
on
there.
So
if
you
put
bug
finder
you're
going
to
get
Red,
Hats
bug,
finder
terminology,
Intel's
Microsoft,
you
could
decide
which
one
you
want
to
figure
out
and
I
think
that
with
algoria,
maybe
there
might
be
ways
of
like
adding
filters
like.
E
E
A
Nice,
so
thanks
for
sharing,
that's
really
cool.
Let
me
see
so
what
we
now
can
do.
Actually,
because
we
have
now
a
sort
of
direction
we
can
go
to
is
to
actually
already
start
filling
in
the
and
completing
I
think
quite
a
lot
of
the
the
the
items
that
we
have,
the
milestones
and
the
goals.
A
So
I
think
there's
this
one
that,
for
example,
myself
can
pick
up,
because
we
now
have
at
least
going
Direction
and
I
know
all
the
labs
and
training
and
whatnot
I
build
those
left
myself.
So
I
have
an
idea
how
much
time
it
would
cost.
So
this
is
one
definitely
that
I
can
pick
up.
A
And
then
we
have
the
2.2
member
organization
asked
to
contribute
to
existing
internal.
We
have
proposed
people
that
we
were
going
to
contacts
Intel,
IBM
and
Microsoft,
and
then
I
see
governing
burko
for
potential
educational
materials
for
security.
That
one
was
on
your
name.
Do
you
have
an
update
on
that?
Maybe
or
no
okay?
D
I
just
had
a
quick
question
somewhere
in
the
deadline
for
Action
in
2.1
talks
about
final
education
resource
list
for
Gap
analysis
defined
I
also
saw
that
in
the
section
one
earlier
today
where
they
were
talking
about
that
as
a
deliverable,
it's
just
different
or
overlapping.
F
Need
to
make
that
line
a
dependency
on
Russo's
deliverable.
A
Yeah
sure
yeah,
so
I'm
going
to
be
a
bit
cheeky
here
and
say
that
we
already
sort
of
at
least
for
a
year
won't
defined
it
basically
the
asvs
base,
then
the
testing
so
the
two
profiles,
and
hopefully
there
are
more
overlap.
So
maybe
we
can
sneak
in
another
one
because
it
has
so
many
overlapping
topics,
but
I
think
that
should
be
the
MVP
at
least
and
everything.
You
know
that
we
can
do
more.
That
would
be
a
great,
so
yeah,
so
I
will
base
my
for
this
one.
A
But
yeah
we
will
of
course
adapt
it
later
on
when
stream.
One
has
a
more
in-depth
details
as
well.
F
A
Okay,
let
me
see,
did
we
send
out
the
openness
have
email
threads
herself
to
ask
for.
C
Collaboration,
no
I
was
not
able
to
get
them
to
send
it
out,
but
I
can
try
again
or
I
might
want
to
try
a
different
angle
of
attack.
A
Great
then
Randall
did
you
were
able
to
talk
to
Jennifer
black.
E
No
I
did
not
talk
to
her
I
forgot.
What
I
needed
to
talk
to
her
about
well.
A
So
at
this
basically,
let
me
also
share
my
screen.
Maybe
that's
better.
Actually
sorry
for
that
desktop
3
I
think
you
see
now
together,
yep
yeah,
so
this
was
in
correlation
to
the
members
also
contribute.
A
A
A
F
Again
well,
part
of
it
is.
B
F
A
F
F
A
All
right
so
for
the
2.3,
we
will
put
that
one
a
bit
on
hold
them.
For
now
till
we
have
a
bit
more
clarity
from
the
steering
one,
so
we
can
fill
it
in
develop
in-person
educational
training
and
training
materials.
A
D
F
The
2.9
helps
achieve
the
two
six
two
seven
and
two
eight
so
I.
F
C
So
the
only
thing
that
I
want
to
guarantee
with
this
is
that
whatever
format
we
do
set
up
is
compliant
to
the
standard
that
I
can't
remember
the
acronym
for
for
universities
at
some
point,
because
we
only
need
one
template
for
that,
and
then
we
would
be
able
to
have
a
partnership
with
many
certifiable
entities.
That's.
F
B
F
Okay,
I,
don't
know
if
Academia
ingests
that
but
maybe
I
that's
why
we
need
a
subject
matter
expert
and
somebody
to
research.
It
yeah,
yeah,
I,
agree,
I,
agree.
A
F
No
mandate
that
the
plan
has
to
have
the
same
numbering
and
structure.
If,
if
you
feel
as
a
leader
of
this
group
that
that's
they
belong
under,
there
go
for
it.
A
E
So,
just
to
update
I
did
talk
to
Jennifer
I'm
gonna
get
her
and
I'm
probably
gonna
need
your
help.
Glenn
and
maybe
Saul
I
mean
just
to
kind
of
draft
what
we
want
to
like
send
out
and
then
she
can
take
it
from
there.
That's
what
she
told
me
like
what
we
want
to
like
make
the
call
for
like
what
we
want
to
say
so,
just
for
the
record.
A
Cool
then
we
have
this
one
I
know
we
made
some
nice
progress
there
talking
about
servier
from
theater,
for
example,
for
the
code
Prevail
approach,
so.
B
A
That's
correct,
yeah
yeah,
so
the
idea
that
we
had
already
for
a
while
in
SKF,
where
you
have
the
real
hacking
environment
operating
system.
Now,
currently,
we
are
using
over
zop
for
the
dynamic
application
security
testing,
but
we
also
wanted
to
have
a
source
tool
like
code
ql
that
looked
there
and
finds
vulnerabilities
from
the
aesthetic
point
of
view
how
we
build
the
labs
before
yeah.
A
So
next
to
that,
we
can
even
have
a
separate
learning
path
now
in
a
future
thing
not
for
this
MVP,
but
in
the
future,
maybe
for
year,
two
where
we
can
even
say
hey
and
we're
going
to
build
learning
plots
in
using
all
the
labs
and
in
SKF
for
you
how
to
use
and
build
your
own
rules
for
codeql.
You
can
then
test
them
on
all
the
code
Snippets.
We
are
because
guess
what
a
lot
of
the
code
Snippets
actually
will.
Not
be
flagged
by
code
ql
for
vulnerabilities,
so
if.
D
A
Introduce
new
code
Snippets
or
new
labs
in
different
languages,
then
people
also
can
even
build
new
rules
right
for
code
that
they
can
test
that
they
can
contribute
back.
So
also,
there
is
a
very
positive.
A
C
I
mean
we're
at
time,
but
I
want
to
say
this
is
probably
the
part
of
this
entire
segment
of
this
entire
plan
that
I,
like
the
most
it's
the
most
actionable.
It
makes
like
what
I
want
to
think
about
the
most
when
I
do
interface.
Design,
particularly
for
security,
is
like
only
give
the
information
as
close
to
the
event
in
question
as
possible,
because
it
has
to
be
highly
contextualized,
I,
I,
love
that
and
I
don't
know
if
it
I
mean
well,
let's
look
at
it
this
way
year.
One
is
actually
2024
right.
C
F
C
F
Yeah,
but
we
want
to
do
this,
I
would
say:
I
would
suggest,
because
you've
already
you've
already
committed
to
a
lot
in
this
particular
section,
and
many
of
us
are
on
multiple
sections,
so
we're
going
to
have
you
know
the
contention
for
our
bandwidth
phase
it
in
we're
going
to
commit
to
a
small
boc
or
whatever
it
might
be.
How
you're
going
to
word
that
and
then
we'll
it'll
be
expanded
in
year.
Two.
F
A
All
right
from
the
goals
that
we
can
do
is
there
anybody
who
wants
to
help
or
contribute.
C
And
then
I'll
put
another
call
into
cncf.
That's
my
full
sort
of
Active
network,
but
I
do
have
I
mean
I.
Do
have
thoughts
about
the
ways
that
we
should
be
providing
information
to
a
large
audience
that
I
love
to
discuss,
but
I
think
that
would
be
a
sidebar
conversation.
Definitely
because
I've
got
a
lot
of
experience,
designing
large
courses,
and
we
could
do
this
in
some
really
cool
ways
that
would
be
able
to.
Let
me
know
that,
literally
without
cognitive
bias,
we
guarantee
that
we
have
someone
who
has
exceptional
skill.
C
F
A
Perfect,
that's
great
well,
I
will
do
the
2.5
and
the
two
dogs.
E
Also
on
2.2
avishay
did
update
us
last
time
that
he
did
ask
Microsoft
and
he
did
not
have
any
courses,
so
you
can
take
him
off
there.
Yeah.
G
A
You're
good
all
right
well
for
the
other
people
that
are
in
the
chat.
Please
review
it.
You
know
who
is
actually
taking
on
one
of
these
actions
and
keys.
So
if
you
have
one,
that's,
you
know
still
open
and
workable
on
it.
Please
do
some
research
on
it
and
make
a
PR,
so
we
can
merge
it
and
we're
a
step
closer
yay
yay,
all
right,
any
other
questions
before
we're
going
to
wrap
it
up
or.
A
All
right,
then
I
would
say
thank
you
very
much
for
being
here
again
and
spending
six
more
minutes
than
actually
was
intended
very
much
appreciated
and
see
you
all
for
the
next
one.
Wait.