►
From YouTube: End Users Working Group (July 6, 2023)
Description
Meeting notes: https://docs.google.com/document/d/1abI65H4pF5y8YtA2_TuDBAaI47v9mTfpr5mwVvccX_I
D
A
A
A
I
see
you
can
only
make
the
spot
no
worries
right,
any
new
friends.
Anyone
new
to
the
call
would
like
to
say.
E
Hello,
yeah
I'm
I'm
new
to
the
call
Ian
Walker
Smith,
all
right.
Where
are
you
from
oh
yeah?
Let's
do
the
whole
introduction
thing
yeah,
so
I
I,
work
at
city
and
I
am
a
cloud
threat.
Modeler.
B
A
Welcome
back,
it's
me
a
minute
since
I've
seen
any
anyone
else
new
to
the
call.
A
No
all
right!
So,
let's
move
on.
We
have
a
couple
of
bits
of
of
work
that
we've
updated
over
the
last
couple
of
weeks.
We
would
be
useful,
I
think
just
to
review
just
down
on
the
call
he's
not
so
I
wonder
if
we
can
bring
up
the
technical
Charter,
because
I
I
believe
Dan
did
some
update
work.
It
was
one
of
the
issues
that
we
had
last
time
and
Dan
made
some
updates
to
it
and
it
got
merged
appropriately.
A
A
All
right,
if
you
want
to
raise
a
pull
request
for
a
move,
a
technical
chart
that'd
be
awesome,
but
thanks
very
much
for
to
Dan
for
spending
a
lot
of
time
and
effort
into
updating
our
Charter.
We
are
now
chartered
so
we'll
just
write
that
one
off
the
list
I'm
not
sure
if
anyone
else
contributed
to
that.
But
if
you
did
thank
you
very
much.
C
Jonathan
yep,
we
almost
have
a
new
Charter.
There
needs
to
be
an
adoption
date
put
into
it.
A
A
A
So
if
someone
wants
to
raise
a
pull
request
to
adopt
said
Charter,
otherwise,
I'll
nip
in
and
update
it
Happy
Days
right.
The
next
one
is
issue:
five,
the
ingestion
Manifesto.
So
there
were
quite
a
lot
of
updates
to
that
and
I
think
it
was
discussed
in
a
fair
bit
of
detail
last
time
around
I've
just
checked
and
it
it
isn't
in
move.
It
is
actually
you
know,
Humanity
right,
Church,.
A
So
I
believe
we
have
merged
the
pull
requests
that
were
out
there.
I
think.
A
There
was
quite
a
few
I
think
down
the
bottom
from
them
correctly,
but
this
one
adoption
of
tooling
I've
dated
that
as
well
I
think
that
was
discussed
and
a
lot
of
looks
good
to
me
is
coming
through.
A
A
So
the
next
thing
is
well
what
we
actually
do
with
that
right.
So
I
know
that
I'm
personally
interested
in
in
signing
up
to
that
from
a
personal
perspective
and
I
think
there
was
a
suggestion
to
reach
out
to
the
ossf
leadership
to
see
if
they
would
be
interested
in
getting
behind.
That
is
that
is
that
correct
any
other
thoughts
of
moving
that
forward.
C
I
would
suggest,
since
if
the
group
is
happy
with
this,
that
you
arrange
to
show
up
at
a
future,
Tech
call
and
share
it
with
them,
and
then
we
can
arrange
things
like
a
blog
or
socials
or
whatever,
and
we
would,
if
you
to
do
that,
I
would
need
you
to
fill
out
a
issue
of
attack
repo
to
get
on
the
agenda.
C
B
A
Excellent:
let's
do
that
I'm
actually
wearing
vacation,
but
does
anyone
want
to
take
the
lead
on
that
one
yeah
I
actually
have
a
vacation.
I
know
a
number
of
people
are
interested
in
pushing
that
forward.
I
certainly
am,
but
not
alone.
A
Is
that
something
anyone
else
on
the
call
wants
to
take
up
for
next
week
at
the
tech,
otherwise
I'll
do
it
when
I
come
back
from
vacation.
A
Okay,
maybe
I
can
reach
out
to
a
couple
of
people
offline
and
see
if
they
could
support
that
check.
I
think
useful
to
get
a
couple
of
friends
when
you're
presenting
that
right.
A
Okay,
so
a
Blog
article
I
think
that'd
be
quite
cool
and
yeah
need
that
one.
A
Can
I
ask
maybe
Jeff
O'brien
if,
in
terms
of
moving
it,
Forward
I
mean
blog
article
moving
it
through
the
tech
additional
people
signing
up
and
and
backing
it?
Is
there
anything
as
you
put
it
Forward
initially
any
other
thoughts
that
you
had
to
or
places
to
take
that.
F
I
think
those
are
the
only
ones
we
discussed
in
the
past,
but
I
don't
know.
If
you
have
any
suggestions.
I
know
I
have
a
a
draft
blog
that
needs
to
be
updated,
based
on
all
the
feedback
and
changes
we
have
here,
but
it
sort
of
just
covers
the
impetus
all
the
stuff
we've
talked
about,
which
I
think
makes
sense
and
go
from
there
and
I'm
happy
to
be
available,
I'm
not
available
on
the
25th,
but
can
help
form
shape
anything
we
need
to
put
together.
You
know
I
want
to
talk
about.
F
Yeah,
it
could
certainly
be
all
right.
Just
let
me
know
what
I
need
to
I
haven't
been
involved
in
any
of
those.
So
let
me
know
what
I
need
to
help
produce,
or
you
know
I
can
work
with
whomever
is
who's
going
to
lead
it?
Nice.
B
C
Sure
but
since
we
are
asking
people
to
embrace
this,
we
may
want
to
ask
the
GB
if
they
would
like
to
make
a
public
statement,
but
no
we're
not
asking
for
their
approval.
Yeah
group
approved
it.
That's.
B
A
Very
good
all
right
progress,
so
I
will
certainly
close
the
tech
Charter
issue.
I
guess
we're
kind
of
getting
there
with
the
ingestion
Manifesto
issue,
but
I
think
you
know.
Maybe
we
get
it
to
the
tech
and
then
then
close
that
one
all
right
anything
else
to
raise
on
the
ingestion
Manifesto
before
we
move
on.
A
You
know
cool
all
right:
Issue,
Number,
Nine
threat,
modeling,
so
Henrik
you
and
I
have
been
talking
Centric
on
the
call.
A
Rick,
you
and
I've
been
talking
about
threat,
modeling
and
continuing
that.
Is
there
a
any
update
from
the
actually
the
last
meeting
was
canceled?
Wasn't
it.
G
Right,
this
week's
meeting
was
canceled,
it
should
have
been,
should
have
taken
place
on
the
Tuesday,
but
because
of
to
drive
fourth,
that
we
decided
to
drop
that
next
Edition
we'll
follow.
The
new
schedule
happens
on
Mondays,
a
half
past
I,
think
it's
half
past
six
European
Time,
and
then
you
can
do
the
math,
where
it
takes
time
in
your
time
zone
other
than
that
I.
G
So
last
meeting
was
two
weeks
yeah
one
and
a
half
weeks
ago
we
added
a
couple
of
more
details
to
some
of
the
identified
threads,
but
still
on
a
slow
pace
from
my
taste.
I
think
we
discussed
also
but
I.
G
Don't
can't
remember
whether
this
was
during
one
of
the
threat
modeling
you
know
sessions
or
during
actual
Dentures
of
work
meeting
to
publish
this
both
as
kind
of
as
maintained
this
at
some
point
in
time
in
in
git
and
create
with
markdown,
but
also
produce
a
pdf
version
of
that
I
mean
the
overall
or
kind
of
a
repeating
question
I
see
when
discussing
these
is
the
level
of
details
and
granularity
what
we
want
to
get
into
and
as
soon
as
we
start
discussing
individual
Technologies,
we
go
down
those
rabbit
holes,
those
kind
of
half
an
hour
one
hour
on
discussing
a
single
technology
which
is
progressing,
which,
of
course,
kind
of
slows
down
the
progress
on
the
document
as
a
whole.
A
I
guess
a
little
bit
of
update
on
my
involvement
as
well
on
that
I,
so
I
have
gone
through
a
couple
of
additional
threats:
I
think
I've
got
another
10
or
so
to
add
just
need
to
update
that
document.
B
A
You
can
move
any
level
of
granularity.
You
want
it's
still
useful
at
the
granularity
it's
at
and
allows
us
to
look
at
the
different
supply
chain
standards
that
are
out
there
and
map
them
to
that
architecture
with
that
level
of
threats.
Clearly,
when
we
drop
lower
down
and
we
select,
perhaps
a
product
like
a
CI
product,
there'll
be
a
whole
host
of
additional
threats
and
different
medications
that
are
product
specific
and
maybe
that's
a
later
time.
A
I
guess
I'm
also
concerned
about
how
long
it's
taking
and
the
the
pace
but
I
think
we
just
need
to
keep
at
it.
Unless
we
get
to
a
point,
we're
going
to
need
to
put
a
time
limit
on
it
and
move
forward,
but
I
I
don't
think
we're
there
yet.
A
I
think
the
other
comment
is
really
still
looking
for
additional
additional
assistance
on
that
one.
That's
definitely
one
where
helps
needed
if
we
do
have
any
additional
threat.
Modelers
I
know
there's
a
couple
from
City
coming
in
to
help,
but
if
we
do
have
additional
threat,
modelers
or
people
interested
in
assisting
that's
definitely
a
place,
we
want
to
dive
into.
D
A
A
We've
got
ingestion
manifest
festo
being
one
of
the
first
all
good,
all
right
now,
I'd,
add
a
I
did
a
third
issue,
an
additional
issue
issue
13,
sorry,
and
it
was
really
just
in
the
back
of
a
lot
of
work
that
we've
been
doing
around
the
throat
modeling
and
looking
at
ingestion
and
it
sort
of
struck
me
I,
haven't
heard
from
the
S2
c2f
group
in
a
while
and
I
was
gonna
see
if
there
was
interest
from
the
working
group
and
getting
an
update
from
s2c2f
and
where
they're
getting
where
they're
at.
H
And
I'm
here,
so,
if
you,
if
you
did,
want
an
update,
you
know
every
every
meeting,
I
try
to
put
a
rallying
call
out
to
join
the
Sig
and
and
becoming
more
more
involved
in
this
progression.
We
got
some
really
great
feedback
lately
and
we're
making
great
improvements
to
the
to
the
spec.
So
if
the
group
does
one
an
update
of
a
formal
of
day,
we
could
definitely
put
something
together.
H
I
know
we're
looking
at
putting
something
together:
a
slider
two
for
the
supply
chain,
Integrity
working
group
for
the
for
the
attack
next
week,
but
we'd
be
more
than
happy
to
come
here
to
this
working
grouping
provide
the
same
update,
but
of
course
the
call
will
always
go
out
to
having
people
from
this
work
who
come
into
the
sake
and
and
put
your
hands
put
your
hands
in
the
spec
there
as
well,
because
it
just
improves
it
for
for
the
ecosystem,
so
yeah
yeah.
A
My
main
reason
around
that
was
just
as
I
was
sitting
there
doing
the
the
threat
modeling
for
for
that
may
not
architecture.
I
was
just
sat
there
on
the
ingestion
piece
for
quite
some
time,
coming
up
with
threats,
as
I
said
a
whole
whole
through
them
and
then
highly
likely.
There
is
a
part
where
it
starts
to
speak
to
the
s2c2f
stuff,
so
it
kind
of
kind
of
connects
yeah.
H
That
would
be
wonderful.
Are
we
actually?
We
actually
have
two
additional
threats
that
we've
actually
written
or
written
into
the
spec
based
on
feedback
over
the
last
couple
of
months,
so
Jonathan
anything
else,
you
got
by
all
means,
bringing
the
board
have
people
come
and
bring
that
stuff
in,
because
we're
always
looking
to,
of
course,
improve
so
yo
Happy.
For
that
kind
of
information.
H
A
I
am
on
holiday
for
two
weeks,
but
let
me
see
how
that
goes,
and
certainly
afterwards
I'll
do
that
and
we
can
feedback.
A
All
right,
so
next
one
up
is
reports
from
other
working
groups.
I
appreciate
that
quite
a
lot
of
them
have
been
canceled
and
quite
a
few
people
are
still
off
due
to
the
Fourth
of
July,
any
updates
from
any
any
other
groups.
People
want
to
race
or
anything
else
in
the
supply
chain,
industry
that
it
would
be
useful
for
end
users
to
think
about
Jack.
D
The
great
repository
audit
is
still
taking
shape
and
moving
forward
for
those
who
don't
know
the
the
basic
concept
is
that
Alfa
Omega
would
stand
up
some
money
for
audits
inspections.
What
have
you
of
large
repositories
of
software,
so
ruby,
gems,
IPI
and
the
like,
and
also
provide
funding
for
remediation
for
anything
that
was
found
so
that
we're
not
just
dumping
stuff
in
people's
laps
and
yellowing
way?
D
So
that's
that's
in
progress
last
I
heard
it
was.
It
was
basically
formed
up
enough
that
it
could
go
to
the
folks
with
the
money
in
Alfa
Omega
land
and
that's
the
last
I
heard
that
they
were
that
they
were
going
to
do
things
so
I'm
expecting
to
learn
more
about
it
next
week
because,
as
was
the
case
with
many
things,
July
4th
cause
things
to
be
held
off
for
the
week.
A
Very
cool
all
right,
looking
forward
to
that
offer
Omega
still
a
great
ossf
project
and
abashay
you've.
I
Got
your
hand
up
yeah
thanks,
so
a
quick
update
from
the
memory
safety
Sig.
We
are
currently
working
on
a
I
just
pasted
the
our
repository
we
are
currently
working
on
a
we,
the
re-architecting,
the
text
from
the
mobilization
plan
around
memory
safety.
We
are
interested
in
hearing
from
end
users
about
the
challenges
that
they
have
in
adopting
memory
safe
languages.
We
are
currently
also
approaching
distributions
operating
systems
distributions
to
get
their
support
in
also
supporting
memory
safety,
language
natively
in
the
os's.
A
No
I
think
one
just
general
one
I've
been
reading
up
on
the
Cesar
s-bomb
working
groups
on
the
back
of
the
yes
bomber
armor
some
time
ago.
Some
interesting
work
coming
through
from
them,
particularly
around
the
s-bomb
generation
and
usages
at
different
times
within
the
sdlc.
A
Something
I've
been
looking
at
for
obviously
quite
a
while,
but
it's
you
know
starting
to
get
to
be
the
point
where
it's
some
really
good
documentation
in
there
now
so
recommend
taking
a
look.
I,
don't
have
a
link
to
hand
unfortunately,
but
recommend
take
a
look.
C
Grobe
I
participate
in
the
Vex
working
group
within
the
the
larger
s-bomb
efforts
and
if
you'd,
like
my
partner
in
crime,
art
Manion,
is
also
very
heavily
involved
across
all
the
different
CC
groups.
So
if
we
want,
we
could
try
to
petition
art,
maybe
to
come
in
and
give
us
a
readout
of
all
the
working
group
activities
from
CSA
side
to
kind
of
give
us
a
state
of
the
art
of
s-bomb.
If
that'd
be
useful
to
this
group,
art
is
not
shy.
He
likes
to
talk.
A
I
look
forward
to
seeing
that
sounds
good
to
me.
I
think
chops
sounds
good
to
me.
I
think
you
know.
S1
has
been
a
huge
Focus
right
and
I
think.
Whilst
there's
a
lot
of
challenges
still
out
there
it'd
be
good
to
get
a
bit
of
a
readout.
A
Anyone
else
is
interested,
but
sounds
good
all
right,
We've
rattled
through
our
agenda,
so
any
other
business
appreciate
people
are
still
probably
pull
to
the
brim
of
barbecue
from
Fourth
of
July.
Whenever
you
Americans
do
on
Fourth
of
July,
but
I
think
it's
barbecue
related.