A
Rolling. Welcome, everybody, to the October 13th meeting for our subgroup of the SIG. Again, the agenda has been posted in the chat. If you haven't already marked yourself as present, please go ahead and do so. A couple things we need to address today, but first and foremost, anyone new who's joining the group like introduce themselves.
B
B
C
Yeah, I haven't participated in this call before. Been hanging out, but not on, not on this call. Eddie Knight from Sonatype. A couple familiar faces on here.
D
A
All right, as always, any assistance anyone can provide with scribing the notes. Everyone is welcome to type into the document, but someone help me scribe as we go through this, greatly appreciated.
A
First item on the agenda. Oh, if anyone has anything we'd like to add to the agenda, please go ahead and add it to the bolded list, we'll try and get that covered today before we wrap things up. The first thing we want to talk about is the spreadsheet.
A
Here, here is a link to the spreadsheet. So there was not really any changes that were made to the spreadsheet since last time we talked. We do need to get this finalized and I do want to socialize this with the larger SIG and working group, so wanted to give everyone a chance to speak up here for any additional feedback that they would like to provide. Randall, your hand is up.
E
I, we've been working on breaking down David, or getting the breakdown that we use. That SKF for David's course, and I have to add that. I haven't, I didn't get a chance to add that, but I should have that, and I think there's a couple other courses that we have that I'll be adding, not just because they're, they're on the spreadsheet right now, but they're not broken down, because a lot of them cover a lot of different parts.
E
So that's what I have to add to this spreadsheet, which I'd like to do maybe today or tomorrow.
A
Thank you very much for that. Does anyone else have information that they feel needs to be added to the spreadsheet?
A
Well, that's, how is always the Boggle for these things. So the goal here is really to put together the, the, it's the first draft of how we're going to organize our materials. We brainstormed last time and just added stuff to the spreadsheets. Randall and some others have added specific category breakdowns that exist today in SKF and, as you mentioned, the way it's breaking down at David's course. We as a group need to decide how we want to look at the end of the day for the first draft.
A
A
So if anyone has any ideas or suggestions on the best way to proceed once the additional information has been added, please speak up. Randall, is this a new question, or is this, yeah.
E
I think that Dave, Dave Wheeler, David Wheeler would be a good person to bring into this meeting at some point, because we had some conversations with him regarding SKF and how he envisions things being broken down, because right now we have it all broken down in courses and that's not really working. So it almost seems like we want to move in the direction of breaking it down and, oh look, Dave joined, but.
E
F
Okay, how can I help or confuse you further?
C
E
Was talking about how we are going to track this? Because we talked about, like, how, like, because right now we have it in courses, but it's like Glenn's not happy with the way it works, because he says it's too confusing, people don't know where to go. So we were thinking about changing that to like specification or like job description, maybe, and organizing the material we have, like if it's application security, or how we're going to go about organizing things, because we're talking about organizing the spreadsheet as well.
B
You know, thinking about how the education, are we going to target some of this morator persona discussion about what levels of education? I know we'll break that down kind of into the phased approach of education at some point, but as we think about the materials, you know, there's one of the things I added to this spreadsheet or the week or the document to talk about today: the National Cyber Director had put out a new email, I think most of you have probably seen it.
B
You know, starting to think about how that's broken down into training and education, diversity, accessibility, other things. Is there an area where we want to break that down to target specific types of education for specific groups versus just more generically thinking about it and via content? So I think we should probably factor that in as we discuss it.
F
Yeah, and I don't think we have to go down super deep, but things like, I'm not sure about K, but K-12, management, more detail, fundamentals. I mean, I, you know, I, you know, I'm mixing up different groups and different kinds of courses, but I, I think that there's different personas and different areas that need to be dealt with, and also depth, because on here we go all.
A
A
A
This was the basic layout that we put together last time that we met. We, again, we brainstormed most of the information in this area here.
G
A
D
D
So we've proposed that, for the general focus, to put the rewards and incentives around, to just, kind of an end point for me is thinking what is a sufficient level of education for someone to be rewarded for that, or action to be rewarded out of that. And so for the first year we're trying to prioritize like secure supply chains, because I know we can get that, cloud, data and application security.
D
Most of this right now looks like it's application security, which is good, but I think as an end user of this education I'm going to want to come to it with an explicit sort of security persona that I'm trying to pursue.
D
F
B
I mean, as we think about kind of curriculum and path to development. In that context, I agree that cloud and AppSec are potentially different markets, or at least there is some potential overlap, depending on company or organization, but at a learning level for college or secondary, even thinking about that, the level of education they get. Are we building a curriculum for a new major, or are we potentially adding these in as components to existing majors, as we, we kind of talk about the learning plan or target audience as we build out an education theme?
B
You know, because, certainly, if you're a computer science engineering major, you're going to touch a number of these, but if you're in an actual cyber security, you know, path, then, you know, all of these would potentially be relevant. So it really becomes a conversation about, you know, how do we segregate these in a meaningful education plans and phase them at each level?
B
D
Well, sorry, at this time, is it possible just to add in a proposed security matrix focus into this spreadsheet and just tag those with each of the ones that would line up with part three of the plan, just start getting an idea of what we can fully support? Because it is different, like the CS that people learn these days does not have any cyber security in it, or really anything to do with APIs. For the most part it gets ignored.
D
H
H
So that's some, that's a goal we want to have, but we should not have the expectation today we're going to go in and tell universities and colleges around the globe you're going to change your program. We're going to need to make the content worthwhile and useful and figure out ways to get them integrated and, like Eric mentioned, it's a big push here in the States.
H
There's an effort to prioritize that, so that's another avenue we potentially could leverage on, jumping on the site, Office of the Cyber Director's memo and call for a comment to say we feel these types of things are useful, should be put into curriculum, but it's, I don't know that is a problem for us today to try to solve. It's a future task, and we should, as Sal asked, can we change the matrix? Absolutely, that's what we asked last week.
H
Please make the matrix useful to you so that, you know, we get value out of that before we start putting things in here, because I would hate to go through and categorize everything, and then someone comes back a month later saying, "Oh, what about this," and then we have to do a bunch of rework.
A
Yeah, let me just reiterate that, that this is not necessarily the set-in-stone final version. We are going to learn new stuff as we move forward, we're going to need to make some changes, but because there's so many dependencies on having this completed, this, at least the organization piece that's completed, we do need to make this a priority and, and get this wrapped up as expediently as we can. Randall.
E
E
That being said, I do know that there is some work with academia. I'm not familiar, I, I've been told that I will get in touch with the guy that controls ASVS soon. I haven't talked to him yet, but maybe it'd be good to talk to them about it, because I do know there's a lot of work that happens and there's like, it's been, it's been redeveloped like five or six times too, I think five times or I.
E
F
E
F
E
Correct, so, and I know, as I said, that that's like developing, like there's a lot of interested parties in that. I, according to Glenn, there's even an institution called Crest that gives certifications that are based on the, the ASVF or ASVS, and they're, according to him, a very highly accredited and all that jazz. So yeah.
F
I don't know what highly accredited means, but okay. David, yeah, okay, so a quick thing. I, I would also say: don't try to create a whole, like, a degree program. There are other folks who do that, and since the, I mean, yes, I, I teach a course at a university.
F
So technically, I mean, that could be me, but not, not in the same sense, if I'm not deeply involved in controlling, you know, and working across a country, never mind the world. But I will note that Carnegie Mellon University, and I think it was actually specifically the SEI, developed like a whole degree program years back. I don't know if there's been much take-up of that.
F
But, you know, such things already exist, and I, I think right now the need is much more for the general developer and the, and managers and people who might be coming into software development, not for the specialists, where you do want more, you know, a deeper and more courses. But that's probably a different lift. I'm not saying it's a terrible idea, but just I'm not sure this is the right group and I'm not sure that that's the need right now.
F
F
D
Just a quick note on, I think, where and how this education should be distributed. So, in the section two part of this working group consortium, one of the proposed sort of vectors for training in education is going to be Major League hackathons, which I think is our perfect opportunity.
D
Their traditional model is to provide the educational curriculum, then train up a set of early engineers or career change engineers into those positions like SRE roles, for example. Now I think it makes a lot of sense that, if we're pulling curriculum from specific corporate entities, that we create a pathway through which they get the education and that corporation is then incentivized to pull them into the open source projects that they work with.
D
But to do that, the partnerships that we'll primarily need are to provide this curriculum as a whole back to the corporations that are providing it and then use that as our education conduit, I think. That makes the most sense. For me specifically, my end goal always in this is to not just educate them, get them educated enough to be consumed into a practicing role in open source.
D
So if our metric gets us to them both as a contributor and as a paid contributor, we're in a good spot, so I guess that's the vector that this education can go by. It would look like a nano course, and I think developing it with that as our first pass in mind gets us on a really good roadmap to be able to insert this into more traditional academia that would still have that end goal of getting them into work.
D
Do, they're called Major League hackathons because they started working in hackathons, but for several years now, they've been building out. Essentially they do basic training and they spend several months working with them with an external sort of system of mentorship, while they contribute to open source projects. I.
D
D
C
It might also come from a different angle, but adding recent grads to the target audience could be, could be some, because that's, I mean, that's what MLH is.
F
I'm just gonna add this at the end and we can merge it. I just don't try to get ignored. So, so that's a recent grad under target.
D
Yeah, so it's both for sort of like advanced, like recent grads, masters, or people who are converting in a field. So someone who's going from DevOps to SRE is what they've been working on lately, and it's basically a three to six month pathway where their sort of reference to be able to get through the course is whether or not the maintainers enjoyed working with them, which is a really good metric for me.
D
We should, we should get education on this table before we get metrics into it, but I think the metrics can come a little bit more out of, I think this is just the repository for the actual resources, but in this part three, the incentives, I'm trying to sort of think about how we're lining those up now with the way we're implementing these.
A
A
Foreign want to get too granular, I think, on this. You want to try, I mean, there's not going to be a perfect delineation of all these different roles, but we want to try and figure out a way to take the content that we have and guide it toward the right group of people, and, and there's going to be a little bit of overlap. I think we talked about recent grad versus new professional as an example of that, but in my opinion, the materials of that individual persona would be looking at are pretty similar.
H
What I'd like to remind us of our current task. I love that we have a lot of amazing ideas and we're starting to do solutioning, we're putting the cart ahead of the horse. We have to, re, finish revising the plan, something that we feel is achievable with, again, resources and timelines, and then we need to propose it for the governing board. Then we can start to, you know, building the, the airplane, so to speak.
H
So we need to get this plan finished, because the governing board is becoming very anxious and we would like to make sure we still can capitalize on their goodwill and continued funding for our efforts. So if we could try to focus on getting the plan in a reasonable enough state that we think has enough detail that we can move forward, but not enough that we are getting down to the microscopic level, that would be useful for us in the short term. And then again, I still want to capture these ideas.
H
There's been some great things in all the working groups, but we again need to get the plan finished because we don't have any funding yet and we're risking the, the wrath of our sponsors, potentially, if we don't start to have something to talk about.
A
And that is the best unplanned segue into the second bullet point I have for the meeting today, but before we go to that, or about halfway through now, so I think we request to probably stop talking about this and move on. Here's the homework that I am proposing. Here's the schedule I'm proposing. Again, I know, the third time I've said it, I promise you the last one: this, getting this organization together is a dependency for a lot of things, not just with our group, with the other groups too.
A
They're waiting on this, so I suggest that all spreadsheet feedback and suggestions, and there's been a lot of good ones here, be in place by next Tuesday, October 18th. There's an education SIG next Wednesday, October 19th. I'm good friends with the person who moderates that meeting and I think I can get myself on the agenda to talk about this. But we need to get this finalized by the end of next week.
A
Is the first draft that we are going to move forward with actually executing on and sorting the educational materials that we have gathered using those different categories that we come up with in the spreadsheet, and providing the spreadsheet as an artifact to these other groups, so they can also use it to organize some of the things that they're doing. So that will effectively become version 1.0.
H
D
Yes, yeah, yeah, I'm happy to do another columnist next week. One thing that I think that we'll want to agree on, and probably do this in the Slack, is just like a half a pager paragraph that states what the intention was of the spreadsheet and what the key identifiers are that we'll be working with from it.
D
I can help to write that up, but that'll be a conversation, so, but, and that also has to come together sort of with the data coming together. So, but I do think just a session straight on the spreadsheet would make a lot of sense.
A
Is that, let me think here. So the SIG meeting is on Wednesday morning U.S. time. I would assume that if we're going to have an extra meeting, it would need to be prior to that, either Monday or Tuesday.
D
Yeah, I'll do that in part, like that'll be my sort of takeaway as well. As we're curating through and making sure we have that final content, then I can take that really nicely and we can take those identifiers through to the other two parts.
A
A
B
I, I think, you know, some Crowe put in a thing here where there's actually a mailing list thread that's addressing this, but I think it kind of points a little more towards the importance of, of the training education across all these levels that we are discussing, but I.
B
I guess is kind of the thought I'm having, but I'll look at the mail thread probe put together, or whoever put that together, and see where I can help add to that. Goes across all of the groups really based on what they're looking for, but, you know, calls out the education quite clearly.
H
H
They had a summit earlier this year where they invited industry luminaries, and the LF was represented in the OpenSSF, and this was specifically targeting a deficit in cyber security professionals, the, the hiring gap, so to speak. And so it's very targeted on education, cultivating new learners or career changers getting into this career path to help fill a lot of these open roles, and how to get them the necessary skills and experiences so that they can become effective practitioners.
H
I posted a link in the Zoom chat with a straw man of a response that this group potentially could put forward to say this is who we are, this is what we're doing in response to this effort. By all means, this is not.
H
Our group is not exclusively focused on the States, but this, I think there's the opportunity here. If we can Captain, we have the, the attention of policy makers here in the States, and I think that would definitely translate around the globe if we're able to entice them to participate, be aware of us, and, you know, do things like, we've talked about influencing curriculum. Well, if we can get the U.S. Department of Education to talk to academia, that might be useful, and then, you know, they're.
H
H
As this group to say this is what we are doing to address this problem. We would like to participate in trying to help solve it. Please, patches welcome, add, remove, delete anything. You see Emily's already hopped on this. So please add this, and also for your, the companies you represent, you are also free to open call for comment, so if, for example, the Red Hat or the Microsoft were interested in doing their own proposal, cool, you know, here's some additional context you might be able to provide your internal organizations.
A
Thanks for that, crew. I dropped the link to the draft response in there with group's comment and encourage everyone, take a look at that when you have an opportunity. But for now, because we need to have a plan before we execute the plan, it's going to move on to the plan. So the full stream one plan needs to be in Crow's hands by December 1st as the date he has requested.
A
That gives us three meetings, including today, to, to complete our section of that plan. We need to come up with the goals, the milestones, a rough timeline and any budgetary asks that we have. I took, we made some changes in prior meetings. I took a run at making some adjustments prior to this meeting to start the conversation. If everyone would scroll down, and I think maybe I'll share my screen again for this one.
A
Hopefully you guys can see that. I took the, I took the text that we have in the current version of the plan in the repo and I copied and pasted it here. Anything highlighted is a change that was made. These suggested changes that I have made, I'll just try and get things started, but we have six goals that we need to make sure that we've got a reasonable high-level plan around to proceed with, and, and curve this. This is going to get presented to the governing board, if I'm not mistaken.
B
A
All right, so again, I think we, we have goal 1.1 in relatively good shape. If there's additional changes that we need to make for that we certainly can, but we have our work cut out for us to get through the rest of this and get it completed by the end of November.
A
So I'd like to spend the rest of today's meeting on this. I would like to also ask that between meetings, please contribute, make feedback, suggestions, suggestions for additions or changes. We can do it in a document. We can do it as pull, it's probably easier to do is pull requests, since we already have this in the repo. But yeah, we, we need to make sure that we've got this ready to go in relatively short order.
A
A
No one has their hands up. Cool, let's start at the top and work our way down. Again, anything highlighted is a change that I've proposed. I am not married to this. If anyone disagrees or would like to see something different, please speak up and weigh in. For goal 1.1, review existing educational materials for gaps and opportunities. We have identified zero dependencies on this previously. I wordsmithed a couple of these, but I also added some high level dates to, to these things, and again, right now.
A
These are not dates are gonna be holding anybody accountable to, but we do need to indicate roughly when we anticipate this work happening and being done. So we actually completed the first one. The document is there. It's not fully stocked, but we have a document we're collecting that information. The second one is the spreadsheet. I called it materials matrix, that's just a term that I used. Again, famous a better suggestion, we could certainly use that, but it makes it easy to identify other than saying the spreadsheet.
A
We need to get that completed, as we said earlier, prior to the end of this month. I consolidated the next couple because they are actually the same activity just focused on different areas. This is reviewing the existing security development materials from the following sources. We identified specifically the Linux Foundation, OpenSSF, OWASP. I put the other OSSF member organizations in there to be a generic covering of any additional groups that are affiliated or we are aware of, or we want to gather information from. We don't need to list them all.
A
Everyone okay-ish with, with those changes thus far? Randall.
E
I just had a question if we can send a mailing or like an email blast to all the member organizations in OSSF, if they do have like educational material, because I know like a Snyk or Sneaker, I don't know how to pronounce their name. They have a bunch of educational material and I don't think, what's his buckets on this call, David.
H
H
B
G
H
Don't know if there is a single mailing list, we can talk with Jory. I do not have the cycles today to do that, because my ass is in this chair until about six o'clock tonight continuously. No worries, but if, if that is something we absolutely can and should do, and like, for example, Jeff Borick from IBM is, and or no, are wearing that internally in IBM, I'm running that internally at Intel. But there are many organizations represented here, and you're right, Snyk does have a lot of really good material, and Dan is.
A
So I added that, that would be a task.
H
H
E
H
Glenn absolutely should be informed and a willing participant. Yes.
A
Understood. The next bullet point on here is something that I added after conversation I had with chrome. We really need to have a program manager to, to run all the stuff that SIG is doing.
A
This is only one section of three and there's a lot of other stuff, so we're putting requests in here to hire a program manager to run the entire education stream one. It's in, it's part of this group, because it had to be part of some group and I volunteered just to have it here. That's why this request is here. We just put it in. It's something that would be extraordinarily useful to help keep things organized and make sure we're executing on the plan and keeping it on track. Okay.
H
And this is an execution thing. Once we start, once the plan is approved, which I, I hope it will be, we have to have someone to help run it as kind of their duties and not as a necessarily a volunteer.
A
A
That's we've got for goal 1.1. Does anyone have any additional milestones, budgetary asks that they think should be added to this goal? Randall.
A
Anybody else? All right, if you think of something after the meeting's over, again, please, I will make changes to the plan with what we've talked about today, as I have been doing. Feel free to add pull requests for changes that you see or would like to see, and we can certainly review those at the next meeting.
A
Moving on to goal 1.2. This is create an open educational resource library of secure development practices. So thinking about dependencies for this, obviously we need to have the materials matrix completed. We need to have a review of the existing materials that have been put into the brainstorming document and some type of verification of public availability or allow, or, or being allowed to use them. I'm not exactly sure how we're going to do that at the moment, but that's something that we do need to do.
A
Okay, under milestones.
F
H
Would be managing all the content we either have aggregated together, you know, pointers, or that we create, so someone to help us manage that.
F
F
Thank you for reducing my, my confusion. Don't worry, there's more where that comes from, that's.
B
Does that also depend on the program manager, or is that dependency for that?
A
B
A
I don't think having a program manager is dependency for us doing this. I think a program manager is necessary for the success of the entire stream, but if, if program manager is not approved or hired, we can certainly continue doing this on a volunteer basis, as we have been.
A
Think all right, again, payment comes up with any dependencies, please feel free to add them. Under milestones, we only had a couple here, and I think the second one is actually more of a task than a milestone. So the first one is hire the librarian to manage, coordinate and maintain the content library.
A
Just a side note, we do have that listed down here under budget. And then the second bullet here, again, this is not a milestone. This is a task: decide where, perhaps an open education resource platform or an LF training, certification platform. So I think the milestone on this is more like determine.
A
H
We need to have somewhere to store it. It's where people can go check books out of the library, so to speak.
H
Yeah, that, that's the figure the foundation agreed upon for FTEs for this initiative.
G
H
G
H
Think, I think that's fully loaded with benefits, targeted, it's a US-based salary, but that location could be, that person could be anywhere. Okay, cool, but that's just generically for budgeting. They said use this as for FTEs.
H
Yeah, and then maybe that's a choice we go with because that's where, yeah, restore it potentially, but that, that's a DVD, decided, and yeah, that, that isn't necessarily, the, the 300 isn't necessarily, but someone would get so. You would think that generally an employee is half salary, half benefits, so you would, you know, your due take home would be roughly half of that, depending on where you live.
A
While we're talking about milestones, I will also note that we put another one item under the budget here, 100K for tooling. Not sure what that tooling was intended to do, but we are asking for it. So we need to come up with a little bit more detail as to what that's going to provide.
H
That's hosting the library, either, you know, it's getting additional storage on an LF web server or adding more SD cards to Glenn's Raspberry Pi array.
E
G
E
F
F
You know, obviously we don't need dude, you know, hey, we got to figure out a way to get rid of 100,000, 100K, but I do think we need to find, you know, we're going to need services of some kind. We may be able to get some donated, but in the end, we're going to need to figure out what the resources are. I'm not expecting storage to be an issue. To be honest, I mean, you know, start on.
F
GitHub, start on GitLab, but I do think that running a service is a potential issue. That's, I, I, you know, maybe tools isn't the wrong, right terminology here, terminology.
D
F
Happy to spend less if we don't need to spend that much, but we, I, I would be shocked if there won't be any for some money for services and such, yeah.
D
You'll also need it for runtime environments to actually show examples. So that's what we should be setting it aside for.
A
So we are just a couple minutes from the top of the hour. I would again encourage everyone to please take a very close look at the details we have in the plan. I will, I will update it by end date today with the changes we've talked about in this meeting, but we absolutely need to flush out the milestones, some rough time. The milestones are the most important thing, dependencies and milestones. After that we can put a rough timeline together and then the budgeting things as well.
A
So what I really like everyone to do in the next couple days before the education SIG meeting next Wednesday, please go in, provide your feedback, your additions to dependencies and milestones.
A
We'll get those reviewed and ready for this next meeting that we have in two weeks, and by the end of that meeting, I think we need to have at least a good draft of all this information. So that gives us another couple weeks to, to, you know, finalize things and get it ready for the end of November deadline date.
A
E
A
G
This had a quick question on one of the items for 1.1 was related to more like the gap analysis and finding out what's missing, and so I kind of did not see that downstream in terms of any of the dependencies. So that's just curious: do you think it feeds into 1.2 as a dependency, or further down the line on the determined venues and personas, but.
A
The content will be created. I think you are correct that it will have some downstream trickle. I think the primary dependency for the result of that is probably going to be something section two is going to work on as far as creating or sourcing additional materials to fill in some of those gaps.
A
But, you know, that's a, that is a definitely a good call out. Okay.
D
Christine, are you going to be on the call for the part, the implementation group? Yes, perfect. So my aim is to come out of our discussion for this spreadsheet having two paragraphs, one that states, like, here's the resources we had, here's how we've organized them, and the next statement is going to say, literally just calls out the data columns that we have and then how we propose to extend them into part two, because I need these for part three as well, so that I think if we can build that.
D
That's why I want to really build that in discussion, but yeah, I'll bring that to part two and say, hey, this is what we're working with from part one, but help me see what we can do.
G
A
Yeah, and like I said, please, I'm gonna try this on the, on the agenda for the SIG meeting on Wednesday as well, maybe just as a reminder, but milestones, dependencies by next Wednesday. Yeah, I'll get this updated, use PRs to, to do that, and we'll have something to look at. All right. Anything else for today?