►
From YouTube: Memory Safety Sig (March 30, 2023)
B
I
won't
be
able
to
stay
the
weekend.
I
was
lucky
to
get
allowed
to
come.
I'll
be
headed
out
Saturday
morning,
but
I'll
get
there.
Monday
yeah.
A
Have
fun
I'll
be
lovely
to
see
you
and
I
have
a
new
jacket
to
match
my
my
my
hat
that
that
I
bought
at
Pax
so
neat
yeah.
B
I
have
several
new
hats
that
might
be
unveiled
there
very
nice.
A
C
So
with
the
fdm
printers,
probably
stuff
for
my
garden
in
my
shed
I,
do
quite
a
bit
of
that
also
pieces
of
terrain
and
then
with
the
resin
printer
little
Miniatures
for
war,
gaming
and
Dungeons
and
Dragons,
and
such
that.
A
Very
cool
I
have
I.
My
fiance
was
telling
me
that
there
is
the
new
TNT
movie
and
the
current
perspective
seems
to
be
I,
went
in
with
low
expectations,
and
that
was
better
than
I
expected.
It
was
good.
Yeah
was.
B
B
A
C
Awesome
so
I
just
posted
a
link
to
the
agenda
in
the
whatever
that
is
meeting
chat,
so
I'm
not
able
to
make
changes
without
it
doing
the
weird
tracking
changes
thing
at
the
moment,
and
it
says
I'm
Anonymous,
so
we
working
at
Microsoft
and
not
having
a
work
Google
account,
though
I'm
working
on
that,
but
yeah
I
would
love
if
everyone
could
go
in
under
today's
date
and
add
in
your
name
and
your
affiliation,
which
I'll
go
ahead
and
do
right
now.
C
It,
oh
no
worries
and
Zoom
doesn't
show
the
chat
history.
So
there
we
go.
C
C
Yeah
until
very
recently,
so
at
one
point,
I
was
a
GitHub
employee,
so
I
had
access
to
I
still
had
access
to
github's
Google
account,
but
that
finally
got
shut
off
recently,
which
I
can
understand.
Why
so
that
yep,
but
we've
got
it.
C
All
right
and
let's
go
ahead
and
start
off
with
some
introductions,
because
I
know:
we've
got
some
newer
people
here.
So
let's
go
ahead
and
do
we'll
do
a
full
round
of
introductions:
I'm
Nell,
shamrel,
Harrington
I'm,
a
principal
engineer
at
Microsoft
I'm,
also
the
vice
chair
of
the
board
of
the
rust
Foundation
strong
interest
in
memory
safety,
not
just
in
Rust,
though
that
that
has
been
my
primary
area
of
focus
for
a
few
years,
glad
to
be
here
leading
this.
C
This
sig,
or
at
least
as
the
technical
lead
and
let's
go
ahead
and
go
to
Gabby.
Next,
oh.
E
Okay,
Gabby
I'm
an
architect
for
visuals
to
do
product,
particularly
C,
plus,
plus
and
I'm
interested
in
systems.
Programming
I
represent
Microsoft
on
the
I,
also
C,
plus
plus
committee,
and
you
know,
I've
been
working
with
Dennis
restaurant
to
bring
more
safety
to
C,
plus
plus.
So
my
being
here.
C
Awesome:
let's
go
to
Josh
next.
F
C
G
F
With
the
Internet
Security
research
group
in
Pro
Simon
do
a
lot
of
work
on
memory
safety
for
critical
software
on
the
internet,
nice
to
be
here.
C
Glad
to
have
you
let's
go
to
Jonathan
next.
A
A
So
yeah
software
engineer
turned
security
researcher
currently
working
for
the
open
source
security
Foundation
under
project
Alpha
Omega,
mostly
Java
developer,
so
already
memory
safe,
but
you
know
devil
in
in
other
places
too.
So
yeah.
C
Cool
Chrome.
B
Hey
everybody
I'm
krobe
my
day,
job
is
I
work
at
Intel,
part
of
our
product
insurance
and
security
group,
but
my
fun
job
is
I,
get
to
work
with
the
open,
ssf
I
help
lead
and
facilitate
a
couple
working
groups
and
sigs,
and
until
Monday
I
am
a
current
member
of
the
attack,
which
is
technical,
advisory
committee
and
Monday.
We'll
see
what
happens
next.
Okay,.
C
Nice
selection
of
water
creatures,
all
right,
let's
go
to
Walter.
D
Yeah,
hey
everyone,
I'm
Walter,
Pierce
I'm.
The
security
engineer
from
the
rust
foundation
so
obviously
have
some
interest
in
memory.
Safety,
as
it
pertains
to
rust
and
I've
also
got
a
background
in
all
kinds
of
security
in
the
past
15
years.
So
memory,
safety
and
braking
memory,
safety
is
kind
of
in
my
bag.
C
Awesome
sauce:
let's
go
to
Christine.
G
Hey
Christine,
Abernathy
and
I
am
at
F5,
where
I
lead
the
open
source
program
office
and
just
attend
a
lot
of
different
open
ssf
groups,
and
this
is
one
of
the
more
interesting
ones.
I'm
just
jumping
in
to
learn
more.
C
Glad
to
have
you
let's
go
to
Jay.
H
I
am
Jay,
oh
God
this.
This
will
be
one
of
about
a
100.
H
means,
I
I,
attend
and
participate
in,
and
and
could
and
and
we'll
be
contributing
to
very
excited
about
this
one,
because
I
get
to
learn,
I
get
to
learn,
stuff
and
I'm
always
excited
about
that
and
then
yeah
yeah
happy
to
be
here.
C
Awesome
and
then
Randall.
J
C
Awesome
cool
well
very,
very
glad
to
have
all
of
you
here
and
greetings
to
our
audience,
who
might
be
watching
the
recording
of
this,
so
I
will
put
a
link
to
the
agenda
in
the
chat
one
more
time
there.
We
are
so
first
item
on
the
agenda.
Is
we
are
now
part
of
the
developer
best
practices
Sig?
Can
we
consider
it
official
probe
awesome?
C
So
thank
you
so
much
for
taking
us
under
your
wing,
your
Swan
Wing
behind
you,
and
we
really
appreciate
that.
C
Awesome
and
then,
as
part
of
that,
we
have
a
shiny,
new,
git,
repo
or
GitHub
repo
that
I
just
put
in
the
chat
and
one
of
my
items.
Agenda
items
for
this
meeting
was
to
plan
out
a
little
bit
how
we
want
to
fill
this
out.
Thankfully,
thanks
to
Jay,
we
actually
have
our
motivation,
our
objective
and
our
scope
already,
which
should
be
pretty
easy
to
fill
in,
but
there's
some
other
work
you
know
putting
putting
in
some
prior
work.
C
I
know:
do
we
get
a
a
mailing
list
probe?
We.
B
C
Awesome
and
I'm
sure
we'll
be
filling
out,
chat,
Charter
and
other
things
so
I
think
the
best
approach
to
this
might
be.
Can
I
have
a
couple
of
volunteers
to
maybe
work
with
me
asynchronously
throughout
the
next
couple
of
weeks,
and
we
can
get
this
filled
out.
C
Walter
all
right,
let
me
just
put
that
in
the
notes.
C
Oh
for
filling
out
our
shiny
new
GitHub
repo.
C
You
can
communicate
over
Slack
throughout
the
week
that
is
potential
spam
I'm,
not
answering
that
call
and
awesome
all
right.
So
next
on
the
agenda,
one
of
my
ideas
for
our
first
project
as
a
Sig
now
that
we're
official,
if
this
is
something
the
group
will
be
interested
in-
is
rewriting
the
memory
safety,
language
stream
in
the
open
source
security,
mobilization
plan.
C
And
the
reason
for
the
rewrite
is
me,
and
a
couple
of
others
were
involved
in
some
of
the
very
early
drafts
of
this,
but
this
was
written
very,
very
quickly
over
I
think
less
than
two
weeks
at
least
the
original
language
was,
and
we
have
a
lot
more
perspectives
and
a
lot
more
context
now
and
I
think
it
would
be
good
to
rewrite
it.
B
I
think
that's
a
great
idea.
We
had
similar
Thoughts
with
the
cert
and
the
education
Sig
I
know.
Josh
is
doing
the
s-bomb
Sig
a
little
differently,
but
yeah
I
I
think
there
was
a
great
start
and
it
needs
we'd
have
a
year
or
more
of
learning
that
we
can
definitely
refine
and
make
it
better.
C
G
C
So
one
possibility
for
getting
started.
Is
we
or
someone
from
openssf
or
gives
me
access
to
create
a
Google
doc
with
the
current
language
in
it,
and
we
can
start
commenting
and
marking
up
that's
one
approach
that
we
could
take.
We
could
also
take
it
section
by
section
but
I
think
maybe
doing
a
general.
You
know
putting
it
in
a
Google
doc.
Doing
a
general
comments.
Overview
part
might
be
a
good
place
to
start.
B
So
a
lot
of
the
working
groups.
Typically,
what
they'll
do
when
you
have
an
item
of
kind
of
high
collaboration
where
you're
going
to
be
doing
a
lot
of
edits
and
kind
of
simultaneous
things?
Is
the
Google
Doc
approach?
You
copy
things
into
a
gdoc
and
then
once
things
are
generally
stable,
ish
or
you're
happy
enough,
then
you
move
it
into
GitHub
and
that
way
you
can
manage
all
changes
through
PRS
and
issues
afterwards.
B
Dock
for
you
or
poke
the
Ops
folks
to
get
us
a
back.
C
B
Know
that's
what
like
with
the
Sig
and
the
education
plan.
That's
what
we
did
is
we
copied
things.
We
chopped
it
up
into
three
sections
that
when
we
split
up
into
little
groups
to
focus
on
those
sections
and
then
iterated
very
quickly
and
then
got
it
into
git
and
then
reviewed
it
more
as
a
big,
a
larger
group
from
that
point
forward
gotcha,
but
you're
free
we're
free
to
do.
However,
this
group
is
interested
in
doing
this,
just
how
others
have
done
it.
C
Makes
sense
I
do
think
it
might
make
sense
to
do
it.
You
know
start
with
the
entire
stream
first.
I
definitely
need
to
reread
it
with
a
fine
tooth
comb
and
I
know.
Many
of
us
probably
need
to
re
re.
That
did
you
print
it
out.
C
That's
awesome,
I,
but
that
that
might
be
a
good
place
to
start
get
us
all
on
the
same
page
with
it
again
and
something
I
know
many
of
you
in
this
room.
I've
worked
with
before
I
know.
We
all
know
that
there
were
constraints
that
this
was
written
under
and
even
when,
when
we
have
stuff
in
it
that
we're
made
critical
of
or
we
want
to
change,
we
always
you
know,
keep
that.
C
Keep
that
in
mind
that
it's
not
a
reflection
of
the
original
writers
necessarily
but
we'll
focus
more
on
the
content.
C
All
right,
so
that
is
something
I
can
work
with
probe
and
others
to
get
it
into
a
dock.
Maybe
after
this
meeting
and
then
I
can
distribute
that
through
the
slack
and
we
can
get
started
on
that
before
the
next
meeting.
C
And
I
do
feel
like
I've
been
talking
a
lot.
So
are
there
any
other
thoughts
on
this
or
on
this
approach
or
on
other
things,
we
could
do
as
a
group.
I
G
C
All
right:
well,
that
is
what
I
had
on
the
agenda.
Is
there
anything
else
anyone
would
like
to
bring
up
or
discuss?
We've
got
a
still
got
45
minutes
and,
of
course,
I
have
no
issue
with.
If
a
meeting
has
is
ready
to
end
ending
early,
but
is
there
anything
else
people
would
like
to
discuss
or
would
like
to
bring
up.
B
Go
ahead,
group
I
I
would
suggest,
just
as
you
stated
that
there
were
certain
constraints
in
a
timeline
when
the
original
doc
was
written.
So
don't
as
we
move
forward,
don't
let
that
limit
your
vision.
If
there's
new
ideas
or
new
things,
new
techniques,
we've
learned
tools,
keep
that
in
mind
and
then,
ultimately,
this
group
should
decide
kind
of
what
our
next
steps
are
like.
What
is
our
goal?
B
Do
we
just
want
to
write
a
position
paper
and
have
a
really
nice
blog
and
a
you
know,
Tech
paper,
that
kind
of
illustrates
how
to
do
things.
Are
we
looking
at
educating
developers
and
are
we
going
to
give
tools
on
how
to
convert
from
C
to
rest,
for
example,
and
then
you
know
think
about
at
the
end
of
the
day,
is
there
some
Financial
ask
and
having
lived
through
that
for
the
last
year,
I'll
be
glad
to
assist
in
kind
of
shepherding
us
up
to
the
governing
board?
B
Once
we
have
a
a
the
groups
decided
to
kind
of
request
for
funding
resources,
tools,
money
and
then
I
can
help
get
us
in
front
of
the
governing
board.
To
present
that
request,.
C
Yeah
well,
one
of
the
things
that
was
discussed
at
the
very
beginning
of
this
group
was,
you
know
putting
together
after
we
rewrite
the
language,
putting
together
a
list
of
projects
and
initiatives.
This
could
include
some
of
the
work
that
prostamo
is
doing.
This
should
include
things
in
the
C
plus
world
like
profiles,
this
could
you
know
various
memory,
safety
initiatives
that
we
recommend
for
funding
from
the
open,
ssf
or
from
open
openssf
members.
B
C
C
So
yeah
I
will
copy
and
paste
the
the
mobilization
plan
language
into
it.
I
won't
make
probe
type
it
from
your
print
out.
There.
B
Yeah
I
think
there's
a
lot
of
opportunity
we
want
to
think
about.
You
know:
are
there
other
foundations
like
the
rust
Foundation
we
want
to
partner
with
officially?
Are
there
any
other
people
kind
of
working
in
this
space?
We
might
want
to
go
out
and
tap
to
try
to
deputize
them
to
be
participants.
So
just
that
you
know
again,
don't
let
the
words
that
exist
there
today
limit
your
vision.
You
know,
if
you
can
make
this
it's
your
dream.
You
can
make
it
as
big
as
you
want
of.
C
C
All
right,
well
I,
imagine
starting
with
the
next
meeting,
which
will
be
in
two
weeks,
we'll
have
a
lot
chewier
discussion
once
we've
all
gone
through
the
and
commented
up,
the
stream
four
memory
safe,
safe
stream
and
I'm
very
much
looking
forward
to
working
with
every
one
of
you.
C
You're
very
welcome
and
thank
all
thank
all
of
you
and
we
will
be
talking
more
shortly
and
keep
an
eye
on
the
slack
Channel
all
right
take
care.
Everyone.