►
From YouTube: Security Tooling Working Group (September 13, 2022)
A
A
B
B
Them
yeah
yeah
and
one
of
them's
new,
so
they're
just
trying
to
get
to
know
each
other
and
really
you
know
kind
of
bond,
so
I
I
want
to
go
down
and
grab
them
and
bring
them
up
here.
But
it's
like
no.
Let
them
take
everything
at
their
own
pace,
which
is
a
shame
because
one
of
them
I
like
showing
off
because
he's
polydactyl,
oh
cool,
he's
super
cute
I
mean
they're.
Both
super
duper
cute,
but
the
polydactyl
one
is
kind
of
ridiculous.
B
C
A
A
Yeah
they
said
they
don't
specifically
because
I
guess
what
they
do
now:
they're
a
zoo
which
is
really
funny.
That's
the
only
reason
they
can
have
all
those
cats,
but
they
said
like
every
year
when
there's
a
new
litter
of
kittens.
They
pick
like
the
four
healthiest
or
something
like
that,
and
then
they
spay
and
neuter
the
rest
to
control
population,
and
so
they
don't.
They
don't
specifically
pick
out
the
polydactyl
cats,
but
just
through
the
nature
of
of
everything,
they've
ended
up
with
a
lot
of
them.
B
I
learned
after
I
got
Osgood
that
Sailors
thought.
Polydactyl
cats
were
good
luck,
and
so
they
preferred
to
try
and
get
a
polydactyl
cat
on
their
ships,
which
means
polydactyl.
Cats
are
more
common
around
Port
areas
and
we
I
mean
Portland
despite
you
know,
we're
slightly
Inland,
but
we
are
legitimate
working
Port,
so
nice
yeah,
so
yeah,
that's
that's
kind
of
cool
I
had
no
idea.
D
D
B
A
B
A
Then
there's
an
agenda
for
the
Sig,
which
is
the
second
link
where
we
don't
sign
in
to
make
it
confusing,
I,
guess
and,
and
so
what
I
was
thinking
we
should
do
today,
because
there's
so
many
people
missing
from
well.
In
fact,
I,
don't
think
any
of
the
people
who
currently
have
any
of
the
GitHub
issues
assigned
to
them
are
here
way:
Cameron
and
bunny
I.
B
Are
you
doing
that
can
I
give
while
you're
doing
that
can
I
give
some
some
background
for
how
this
has
been
managed
in
the
two
other
existing
sigs
on
this?
Please
do
so.
Let
me
lower
my
hand
before
I
forget
now,
so
the
other
two
sigs
for
working
for
sorry
still
early
for
me
mobilization
plan
streams.
B
B
So
what
each
of
them
did
is
exactly
the
same,
because
they're
run
by
the
same
person
and
what
we
did
is
took
the
text
from
the
existing
work
stream
stuff
from
that
big
document,
mobilization
plan,
slapped
it
down
and
said:
okay,
let's
look
at
this
critically
now
that
we're
not
racing
to
get
something
out
the
door
for
Washington.
Let's
see,
can
we
actually
do
what
we
promised
in
what
order?
Should
we
do
it?
What
are
the
potential
budget
numbers?
B
So
that's
essentially
what
we
did.
We
took
the
mobilization
plan
text
critically
looked
at
it
did
a
Six
Million,
Dollar
Man
on
the
thing,
and
now
it
is
stronger,
faster,
better
and
now
we're
going
to
start
to
hopefully
execute
on
that.
So
that's
what
they
did
and
it
seems
to
work
really
well,
but
full
disclosure.
What
they
did
took
a
couple
of
months
of
weekly
calls.
B
It
really
took
a
lot
of
work
to
to
look
at
these
things
and
it's
totally
valuable,
because
it's
really
great
stuff
that
we
ended
up
with,
but
just
want
to
set
expectations
for
everyone,
while
we'd
be
starting
that
process.
Today
it
sounds
like
and
Josh
you'll
you'll
clarify,
I'm
sure
if
I'm
wrong,
but
if
we
start
that
process
today,
I
don't
expect
we'll
finish
it
today,
but
I
think
we
can
at
least
start
to
set
some
a
good
trajectory
for
it.
Yeah
totally.
A
A
C
A
B
B
A
It's
actually
really
funny
too,
because,
like
my
wife
has
taken
an
enormous
amount
of
like
Excel
training
and
Office
training
and
stuff,
and
so
she's
really
good
at
all
this,
and
she
mocks
me
because,
like
if
I
have
to
do
something
with
data
I
export,
an
Excel
spreadsheet
to
CSV
I,
write
a
python
script
to
modify
it
and
then
I
re-import
it.
But
that's
how
I
do
things,
but
anyway,
all.
A
Done
and
that's
what
matters?
That's
right,
not
pretty
all
right.
So
if
we
look
at
page
44,
this
is
the
mobilization
plan
which,
if
you
go
to
in
the
issue,
12
I
just
updated
the
link.
We
had
a
link
to
a
PDF
that
no
longer
exists.
Apparently,
but
hopefully
this
URL
will
stay.
This
issue
currently
has
no
owner
Brandon
Lum
mentioned
he
might
be
willing
to
pick
up
and
help
out,
but
I'll
I'll
track
him
down
later,
but
anyway,
right.
A
If
you
click
the
link
you
get
here,
and
then
they
have
a
read
the
plan
which
brings
you
to
whatever
this
is
and
Page
44
is
kind
of
where
we'll
start-
and
this
is
where
I
don't
know
how
many
pages
it's
not
a
lot,
the
s-bomb
everywhere.
Yeah,
it's
only
four
pages.
This
one
was
definitely
not
as
lengthy
as
some
of
the
others,
which.
A
A
A
I
see
this
in
the
dock,
the
numbering
that
all
right-
okay,
I,
blame,
Google,
okay
and
then
I
think
this
is
a
nice
chunk
which
I
will
also
paste
down
at
the
bottom.
Of
course,
none
of
this
will
be
formatted,
which
is
great,
and
then
what
is
this
initial
implementation?
This
makes
sense,
I
think
and
then
obviously
we'll
we'll
move
all
this
to
GitHub
at
some
point
in
the
near
future
and
then
there's
the
levels
which
I
think
are
worth
defining.
A
B
Yeah,
they
were
very,
very
rough
numbers
around.
Each
of
them
like
we're.
Going
to.
This
is
something
we
need
to
staff
right.
Here's
here's
a
function.
We
will
need
to
staff
the
function,
we're
going
to
assume
Staffing
a
function
is
three
hundred
thousand
dollars
right.
They
just
picks
made
some
wild
ass,
guess
and
used
that
number
for
every
single
thing
like
that.
A
A
A
E
A
A
D
A
Right
cool
all
right,
all
right,
let's
start
at
the
top
then
and
and
work
our
way
down
the
sun
pushing
wrong
buttons,
all
right,
so
I'm,
just
gonna
read
aloud,
and
if
anyone
has
comments,
jump
in
add
comments
to
the
doc
we
can
edit
the
doc
in
real
time,
like
I'm,
pretty
flexible
here,
I'm
I'm,
a
pretty
big
proponent
of.
If
you
do
the
work
you
get
to
do
it
your
way.
So
all.
C
A
Ableing
s-bombs
everywhere
prove
the
security
posture
of
entire
open
source
ecosystem.
Producing
stores
maintainers
just
publishing
s-bombs
is
insufficient.
You
need
to
be
proactively
used.
Removing
substantial
barriers
to
further
s-bomb
adoption
lies
in
ensuring
that
does
anyone
have
any
issues
with
this,
like
Preamble
clause.
C
Well,
yeah
I.
So
what
very
unqualified
like
to
me
substantial
barriers
and
then
I
don't
know:
do
you
think
that
s-bomb,
just
in
general,
from
a
procedural
and
tight
perspective,
is
maintained
or
we've
arrived
at
some
level
of
consensus?
Consensus
at
that
or
or
do
we
just
kind
of
take
the
position
of
hey,
go,
implement
this
broad
thing
and
bring
it
back
and
you
know
we
can
discuss.
C
B
Think
so,
as
far
as
glossary
the
education
and
best
practices
working
group,
Sig
is
going
to
be
taking
on
creating
a
glossary
for
all
things:
open,
ssf,
it's
that
work
is
only
just
kind
of
started
as
but
it's
something
that
will
be
happening
because
every
single
venue
that
I'm
in
somebody
says
holy.
Why
don't?
We
have
a
glossary
and
everyone's
like?
Oh,
it's
like.
A
B
Don't
remember
it's
one
of
crows,
I,
believe
it's
the
education
or
and
or
best
practices,
probably
best
practices,
because
that's
the
working
group
so,
but
that
work
has
only
just
sort
of
started
as
a
what,
if
wouldn't
it
be
nice
but
they're
going
to
be
picking
it
up
in
future
weeks.
After
all
of
this
Dublin
stuff
settles
down.
D
C
A
A
to
kind
of
discuss
some
of
that
and,
as
you
can
imagine,
there's
no
consensus
on
any
of
this
yeah,
which
I
mean
Steve's
already
disagreeing
with
me
about
bias,
which
is
fine
but
and
and
yeah
we
we
need.
We
don't
have
data
right.
It's
just
all
made
up
at
this
point,
so
this
this
this
word
substantial.
That's
a
marketing
term!
At
this
point
in
this
document,
I'm
comfortable,
removing
it
does
anyone
have
any
complaints.
D
D
Couch
my
comments
and
thoughts,
so
you
know
I
I
see
this,
as
you
know,
because
I
see
certain
things
already,
you
know
is
this
a
security
focus
group
we're
trying
to
get
s-bombs
adopted
everywhere
and
architect.
The
ways
to
get
that
done
or
what
we
can
do
to
support
that
for
the
purpose
of
improving
security
is.
B
D
A
D
Because
you
know
because
I
don't
know,
if
that
that
I
think
I
would
argue
that
premise
I
know
we're
all
talking
to
security,
but
I
think
it's
it's
it's
easily
possible
at
economics.
You
know
it
will
really
drive
up
even
the
first
wave,
yeah
I
I
get
the
caveat
in
there.
Maybe
the
first
wave
really
is
driven
by
security,
but
but
anyways
I
I'm,
just
trying
to
I
don't
want
to
take
up
all
the
Cycles.
You
guys
are
being
very
efficient
here,
but
I'm
just
trying
to
figure
out
get
my
head
around.
B
So
it
says
security
right
in
the
very
first
paragraph,
I
mean
first
sentence
right.
We
by
enabling
s-bomb
s-bombs
everywhere
we
can
improve
the
security
posture
of
the
entire
ecosystem.
So
I
think
that's
you.
You've
got
an
excellent
point.
There
Chris
it
would
be
kind
of
nice
to
have
some
sort
of
mission
statement
right:
here's
our
elevator
pitch
for
S
bombeth,
everywhere
boom,
and
maybe
we
have
we
stub
out
a
section
where
we
can
fill
that
in
after
we
have
got
the
entire.
B
B
A
D
But
I
see
some
signs
that
you
know
that
it's
influenced
by
it
as
well
is
where
the
hell
we're
actually
going
right
and
I.
Think
as
we
get
into
a
lot
of
the
the
atomic
issues
we
deal
with
one
at
a
time
right
now
we
spend
a
lot
of
time
working
on
individual.
You
know
things
because
none
of
us
have
really
looked
at
where
this
all
goes
so
I
like
that,
you
know.
That's
what
keeps
me
in
the
s-bombs
everywhere
title
in
this.
You
know.
D
Is
this
the
Forum
to
try
to
figure
that
out?
And
you
know,
while
I'm
on
the
soapbox,
you
know
as
I
scan
through
the
docs.
You
know
something
you
know
some
of
the
things
about
tools.
You
know
developing
tools
and
so
forth.
I
think
that
speaks
to
somebody
needs
to
Define.
What
is
the
tool
space,
which
has
a
lot
to
do
with?
You
know
yeah
in
three
years
and
five
years
and
seven
years,
for
you
know
specifically
in
that
sort
of
range.
What
do
we
you
know?
What
are
we
going
to
be
doing?
D
The
whole
day,
I
gotta,
say
you
know
the
whole
Vex
thing
from
the
moment
moment.
I
heard
that
you
know
I
think
it's
an
artifact
of
that
yeah
I
mean
dovex.
Documents
need
to
be
great
for
things.
Maybe
you
know.
Did
the
industry
benefit
by
defending
these
resources
over
this
time?
Scrolling
on
that
no
and
I
think
the
answer
is
really
and
how
you
combine
all
this
crap,
which
is
you
know
that
three
five
seven
you're
out
stuff
for
sure.
B
E
Hey
thanks,
first
of
all,
I
don't
have
the
link
to
this
doc
that
we're
looking
at
I
look
to
the
everywhere
and
I
couldn't
find
it.
So
if
you
could
put
it
in
the
agenda
doc,
so
it
can
be
referenced.
Secondly,
the
I
think
that
there
is
some
there's
some
good
little
chunks
of
of
text
in
that
that
we
can
bring
up
and
just
create
a
common
scope
and
I
don't
feel
like
we
have
a
clear
scope
and
that's
what
we're
talking
about
adoption
should
be
in
the
scope.
E
And
while
we
do
not
have
good
data,
there
is
one
big
barrier
that
we
should
list,
and
that
is
the
nature
of
CD
pipelines.
That
requires
everything
to
be
manually,
updated.
Every
single
workload
has
to
be
manually,
updated
if
a
company
suddenly
decides
that
they
want
to
generate
an
s-bomb.
That
is
one
of
the
biggest
barriers
I
hear
it
every
day
from
people.
So,
let's
take
a
Jenkins
pipeline,
you
might
have
400
500
workflows,
every
single
workflow
is
going
to
have
to
be
updated,
so
there
are
barriers
that
we
can
start
listing.
E
That
we
know
are
not
just
marketing
but
are
real.
So
I
feel
like
that
in
up
here,
the
the
that
we
could
improve
the
security
posture.
I
think
that
that
is
the
I,
don't
know
if
we
have
to
say
that,
because
this
is
the
whole
point,
but
we
have
to
say
the
way
up
front
is
that
there
is
a
lack
of
leveraging
s-bomb
data
and
the
adoption
of
s-bomb
generation
that
we
need
to
address.
A
And
and
part
of
this
as
well
that
we
should
keep
in
mind
is
so
like
everything
Tracy
just
said
is
captured
in
number
two
will
say
badly
because
number
two
is
so
vaguely
written,
and
these
were
all
things
discussed
in
the
initial
setup
of
this
document,
which
was
done,
I,
guess
very
Cloak
and
Dagger,
which
frustrated
me
greatly.
But
that's
another
story
and
it
the
decision
was
made
to
not
explicitly
list.
B
A
A
C
I
started
a
list
I'm
just
like
basically
tooling,
that
I
saw
as
more
or
less
prevalent
and
kind
of
like
my
day
today.
So
I
don't
know.
If
that's
something
we
want
to
be
mindful
of
from
a
tooling
perspective,
or
if
we
want
to
nullify
all
prior
understandings
to
start
fresh
from
a
tooling
Discovery
ever.
B
Us
to
do
this
at
all.
I
want
us
to
contribute
to
existing
efforts
for
this,
because
they
are
out
there
already
as
PDX
and
Cyclone
DX.
Both
are
working
on
their
own
separate
lists
of
tools,
and
we
should
get
these
kids
to
play
nicely
in
a
sandbox
and
all
work
together
on
a
single
set
of
tools.
My
one
comment
on
this
is
this
tool.
Is
this
is
about
generating
s-bombs
yeah,
that's
great.
Whatever,
there's
lots
of
tools
that
can
help
you
generate
Nest
bomb
to
varying
degrees
of
specificity.
B
There
aren't
a
lot
of
tools
and
people
aren't
really
talking
enough
about
consumption
of
s-bombs
and
then
what
do
you
do
with
the
nest
bomb
after
you
get
it,
and
that
is
the
major
problem.
I,
don't
care,
if
you
hand
me
an
s-bomb
if
I,
what
I'm
doing
is
sticking
it
in
a
share,
drive
somewhere
and
saying
yeah
I've
got
this
bomb
and
take
that
box
on
my
compliance
form,
whatever
it's
not
going
to
help
me,
find
any
sort
of
compliance
or
security
issues.
A
C
Way,
yeah
and
actually
to
that
point
right,
there
right
I
think
that
it's
TBD
on
what
even
minimum
minimally
needs
to
be
represented.
I,
think
and
also
I
believe
that
every
tool
listed
as
an
output
format
capability
and
so,
if
you've
kind
of
take
an
iterative
approach
to
trying
to
understand
the
generation
process
and
visualize
that
in
a
meaningful
way,
I
think
that
might
help
on
the
back
end
on
consumption.
B
B
B
Yeah,
so
you
know
everything
people
are
saying
here
is
valuable,
but
I
would.
Rather
we
let
other
people
work
on
that
and
we
look
at
the
areas
where
no
one
else
is
addressing
as
much
I
mean
acknowledge
and
point
people
to
other
things
that
are
already
happening,
but
yeah.
So
so
Vicky.
Are
you
saying
that
we.
B
B
D
D
Is
you
know
explaining
how
any
of
this
goes
together
now
what
I
have
an
s-bomb?
Now?
What
right
you
know
so
and
to
be
clear
on
my
background
of
motivation,
so
I
work
for
an
s-bomb,
tooling,
company
side
beats
and
so
managing
s-bombs
and
so
forth.
You
know,
is
it
sort
of
a
day
job
thing,
but
even
that
you
know
what's
going
on
today
is
pedantic
and
boring
right.
You
know
what
needs
you
know
what
every
group
I'm
part
of
has
a
hard
time.
D
You
know,
raising
their
eyes
up
enough
to
look
forward
is
how
I
got
into
this.
You
know
the
d-bomb,
the
attestation
ecosystem
open
source
thing
right.
You
know
that
that
is
still
a
little
bit
too
far
ahead
of
the
curve,
but
it
speaks
to
all
these
issues.
You
know
what
I
see
is
what
I
was
trying
to
achieve
that
got
me
into
all
this,
and
what
I
still
see
coming
is
I
want
to
say
that
I'm,
Chris
and
I
want
to
know
on.
D
You
know
what
I
should
know
about
this
mouse,
which
may
be
who
shoveled
the
sand
into
the
furnace
to
make
the
chips
or
not
right
and
and
that's
policy
and
it's
connection
connecting
all
the
supply
chain,
players
together
and
I
think
contract
language
has
more
to
do
with
all
of
this
than
any
of
the
tools
in
Tech.
Now,
when
we
look
back,
you
know
five
and
ten
and
more
years
from
now.
So
again,
maybe
this
you
know,
there's
a
lot
of
every
group
is
doing
great
stuff.
D
D
A
For
use-
and
you
can
all
say
if
I'm,
right
or
wrong
or
maybe
I'm
missing
something
so
I
feel
like
there's
a
consensus
that
we
don't
want
to
dwell
on
specific
tooling,
because
there's
already
a
lot
of
pre
well
specific
tools
for
creating
s,
forms
which
there
is
a
lot
of,
and
there
are
going
to
be
countless
places
to
find
that
information
right
go
to
spdx
go
to
cyclingvx,
go
to
whatever
there's
a
ton
of
projects.
There's
a
ton
of
generators.
A
C
B
Think
it's
a
good
I
agree.
Yeah
I
I
agree
that
it's
certainly
in
scope
but
I
think
it's
in
scope
in
as
much
as
it's
something
we
want
to
help
to
facilitate
and
make
sure
is
happening
and
not
necessarily
that
we
are
are
the
ones
doing
it
right,
and
so
perhaps
a
committee
of
this
group
would
be
to
look
at
these
tools
to
advise,
consult,
Jenkins,
GitHub
gitlab.
B
D
I
think
I
think
the
question
was
well
stated
because
I
think
you
know
yeah
I
I
think
both
Alaska
speakers
have
said.
You
know
it's
not
really
hand
waving
but
hand
waving
is
a
good
way
to
say
it,
because
I
think
we
should
all
recognize
the
La
Brea
Tar
Pits
of
of
a
lot
of
this
right
and
you
know
I,
think
it's
safe
to
say
you
know
that
you
are
going
to
be.
You
know
exactly
what
what
I
think
it
just
said.
D
You
know
your
your
system
is
going
to
be
automatically
creating
these
things
in
the
future,
regardless
you
know,
but
there's
a
lot
of
detail
and
to
my
my
last
rant
I
think
what
we
can
do
on
that
side
is
help
frame
how
that
gets
done.
You
know
if
we,
you
know
if
we
are
capable
to
look
a
little
bit
farther
forward.
D
Look
at
you
know
how
the
the
larger
scale
integrated
system
is
going
to
be
working,
we're
going
to
say
and
that's
why
right
now
you're
going
through
this
process
but
Jenkins,
because
we're
just
going
through
this
phase,
where
the
automation
is
going
to
be
built
into
Jake's.
Next
version
I
mean
and
here's
how
to
walk
through
that.
E
Okay,
so
I'm
making
an
attempt
here
to
give
us
a
one
paragraph
like
a
two-line
scope:
you're
a
hero,
I
love
it
I've,
written
I've,
tried
to
incorporate
what
you
guys
are
talking
about
I'm,
just
going
to
read
it
and
see
if
I
mean
we're
even
close,
securing
the
open
source
ecosystem,
we
will
require
making
the
adoption
and
consumption
of
s-bomb
data
easy
at
all
levels.
Source
build
and
Os
the
goal
of
the
S
problems
everywhere.
C
A
System,
let's
call
it
deploy,
maybe
because
if
we,
if
we
look
at
the
current
I,
think
ntia
created
it,
they
I'm
not
starting
this
conversation
right
now.
So
dear
God,
no
one
comment
on
this,
but
they're
grouping
s-bombs
into
Source,
build
and
deploy
and
I
know
you
can
argue,
there's
way
more
stages,
but.
D
D
B
A
A
B
E
A
A
E
B
B
A
A
A
Buttons
anymore,
but
okay,
so
we
kind
of
have
this
description.
This
came
from.
It's
got
some
steps.
We,
the
second
section,
is
kind
of
more
missiony
I
think
than
the
first,
but
I
think
this
is
these
three
bullet
points
capture
the
the?
What
I
guess
would
the
first
section
is:
maybe
the
y
a
little
bit
so
I
I
think
something
for
us
to
keep
in
mind
and
I.
Don't
expect
us
to
do
all
this
right
now.
A
I
just
want
us
to
like
look
at
this
as
a
whole,
and
we
can
work
on
it
during
the
week,
but
this
group
isn't
going
to
do
any
of
the
work
right.
That's
the
understanding,
we're
going
to
create
plans
and
suggestions
and
bring
them
to
the
openssf
and
say
we
think
this
is
what
should
be
done
and
they
can
say
you're
dumb
go
away
or
they
could
potentially
fund
it
and
that's
kind
of
the
intent.
A
B
I
I
think
it.
You
know
at
first
when
you
said
it,
I
was
like
oh
I,
don't
know
that
kind
of
feels
like
splitting
hairs,
but
as
I
look
at
this
document
it
it
does
make
sense
that
we
should
you
know
what
does
done.
Look
like
for
this
group.
Essentially
right
is
this
group's
purpose.
To
set
up
the
plan
set
up
the
subgroups
that
will
go
out
and
do
the
actual
work
and
then
you
know
disappear
right.
We
our
work,
is.
C
B
B
E
Okay,
so
I
took
a
stab
at
the
mission.
The
mission
of
the
work
stream
will
be
to
encourage
collaboration
between
s-bomb
producers,
consumers
and
maintainers,
identify
common
barriers
to
the
adoption
of
s-bomb
generation
and
make
recommendations
for
creating
friction-free
open
source
tools
that
make
s-bombs
everywhere
easy.
D
I
yeah
I
think
it's.
It
may
just
be
right,
it's
certainly
a
solid
start.
You
know
it
doesn't
give
me
the
Epiphany,
the
first
one
does,
but
it,
but
it's
logical.
It
makes
sense
and
did
to
what
Vicky
was
talking
about.
You
know,
yeah
I
think
it's
just
thinking
out
loud.
You
know
so
I.
You
know,
but
I
am
trying
to
achieve
for
myself,
and
this
group
may
be.
The
thing
is
a
vision
of
the
architecture
of
how
this
stuff
all
fits
together.
You
know
s-bombs
and
you
know
a
part
of
it.
D
C
A
I
love
it
so
I
I
think
that's
a
really
good
point.
Chris
made
about
the
architecture,
because
to
date,
this
document
and
this
group
has
had
an
obsession
with
tools,
specifically
tools
and
I,
think
it's
bigger
than
that,
especially
if
we
start
incorporating
consumption
which
we've
not
talked
about
in
the
past
cameras,
you
hand
it
for
reality.
C
Yeah
now
I,
remember
I,
remember
what
I
was
going
to
say
so
one
kind
of
element
for
us
at
least,
and
why
this
is
a
a
point
of
important
I
guess
from
this
like
viewing.
The
working
group
is
something
that
should
be
producing
very,
like
valuable
context,
so
to
inform
down.
Downstream
processes
is,
from
my
perspective,
I
guess
like
a
worthy
Pursuit.
One
like
we
are
actually
going
to
enter
into
a
funded
effort
to
do
research
that
I'd
like
to
kick
into
the
open
source.
C
Yeah,
so
are
you
saying?
Are
you
asking
whether
those
elements
are
fitting
into
like
the
cultural
component
that
Tracy
put
in
the
scope
or
the
interoperability
component
yeah
interoperability,
because,
as
we
start
looking
at
a
lot
like
the
full
life
cycle
of
software,
especially
when
you
talk
about
air
gaps
being
the
ends
kind
of
state
really
defining?
What
elements
have
to
make
it
all
the
way
through
and
starting
up
the
source?
And
that
actually
is
going
to
be
a
research
effort?
C
A
A
D
Yeah
I'll
just
agree,
I
think
the
last
comment
yeah.
When
you
start
looking
at
the
network
architecture,
the
differences
are
Stark
right,
you
know,
there's
not
a
lot
of
flow
things
are
created,
didn't
stay
in
the
same
place
and
until
we
start
thinking
in
that
way,
it
just
anyways
I
think
it
helps
a
lot
I.
A
I
agree
and
I
think
to
date
most
of
the
tooling
and
even
advice
has
been
very
I.
Don't
know
what
to
call
it
componentized.
You
know
just
very
singular
I'm
going
to
focus
on
this
one
place.
So
what
I'm
going
to
do
now
is
write
kind
of
a
brief
explanation
of
what
happened.
I
want
to
send
it
to
the
mailing
list
and
I'm
I
am
opposed
to
having
lots
of
meetings
like
this
one,
because
I
think
we
should
be
able
to
function
in
an
asynchronous
Manner
and
work
through
GitHub
and
things
like
Google
Docs.
A
So
that's
what
I'm
going
to
encourage
I'm
not
going
to
schedule
another
meeting
like
this,
because
I
don't
want
to
so
I'm
going
to
write
this
up.
I
will
try
to
lay
out
some
of
the
work
that
needs
to
be
done
moving
forward
and
then
I
guess
we
can
kind
of
go
from
there,
but
I
I
really
want
to
make
sure
we
can
keep
this
going
because
I
feel
like
this.
This
makes
sense
to
me
and
I
like
it.
So
I
want
to.
Thank
you
all
for
the
help.