►
From YouTube: OSS-SIRT - 3 Execution (October 21, 2022)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
B
A
Nice
yeah
I,
don't
know
so
I,
don't
know
if
we're
going
to
meet
very
long
for
a
very
long
time
today,
because
I
get
a
lot
of
time
back.
It
looks
like
we're
blocked
on
pretty
much
everything
for
the
execution
bit.
Randall
and
I
I
think
you
need.
We
need
to
talk
about
something
that
may
have
been
thrown
at
us,
but
otherwise
I
don't
think
we
have
any
other
agenda
items
for
today.
C
C
Need
to
add
the
program
manager
role
to
this
section
and
I'll
submit
a
PR
for
that
here
today,
so
that
we
can
have
hire
somebody
to
run
the
plan
and
then
participate
in
keeping
the
cert
organized
long-term.
A
B
A
B
Going
to
say
for
the
security
buddy
program
turns
out
that
there's
actually
a
fair
amount
of
prior
art
from
ausswap
on
that
that
I'm
getting
so
I
will
yeah.
B
They
published
it
in
a
blog
about
how
they're,
like
they
have
people
to
go
around
and
kind
of
like
set
up
a
security
Champion
program.
I
can
send
you
the
blog
if
you
want,
but
but
yeah
I
I
was
talking
to
Glenn
about
that,
and
he
was
telling
me
he
was
going
to
get
me
that
information,
because
he
ran
a
program
for
them
in
ing
so
yeah.
C
For
your
3.1
I
added
an
item
to
our
next
vulnerability
disclosure
working
group
asking
a
broader
audience
to
participate
on
giving
us
some
potential
tools
or
thoughts.
A
So
essentially
broadcast
the
like
discussion
that
we
started
yeah:
okay,
yeah
because
I
did
bring
it
up
and
like
in
the
WG
meeting
like
twice
but
I.
Think
a
broader
over
awareness
might
help
yeah
yeah,
we'll.
C
Be
explicit,
we'll
talk
about
it,
we'll
pull
it
up,
show
people
kind
of
what
we've
talked
about
and
solicit
feedback
and
then
hit
up
the
mailing
list.
I
might
even
think
about
I,
don't
know
if
I
had
to
see
if
we
have
a
general
mailing
list
or
maybe
I
just
posted
in
the
general
Slack.
C
So
I'll
I'll
take
the
AR
to
do
that
today
and
get
that
in
the
slacks.
A
Cool
all
right,
I'm
gonna
put
the
meeting
notes
in
the
cert
document
for
now,
but
if,
if
we
want
to
have
like
a
dedicated
document
for
it,
that's
fine.
C
Yeah
I
might
have
to
add
the
it
might
have
been
me
saying:
I
need
to
add
the
PM
PGM.
A
A
A
C
C
You
know
if
we
want
to,
we
could
put
in
stubs
for
the
we
could
between
the
three
of
us.
Do
we
feel
looking
at
the
tools
we
have
suggested,
do
we
feel
like
Vince
would
be
an
option?
We
want
to
try
to
hire
some
developers
to
uplift
for
our
purposes.
C
A
Pretty
early
to
settle
on
one
tool
but
I
do
agree.
Vince
has
really
good
potential
in
the
list.
Like
I
was
just
reviewing
the
list
earlier
and
yeah
like
pretty
clearly
there's
either
Vince
or
the
other
idea
was
github's
issues.
I,
don't
know
if
crow,
like
one
of
the
action
items
that
you
had
was
to
talk
to
attack
or
the
board
about
GitHub.
As
like
a
thing
I,
don't
know
if
you
got
a
chance
to
do
that,
I.
A
A
C
That
does
nothing
like
that:
we're
free
to
use
whatever
we
want.
We
have
the
foundations,
GitHub
license
that
we
can
use.
But
if
we
wanted
like
a
private
instance,
we
would
have
to
budget
for
that
and
then,
potentially
you
know,
GitHub
May
donate
that
but
I'm
not
going
to
go
in
saying
that
we're
they're
giving
it
to
us
yeah.
C
Correct-
and
we
would
probably
ask
one
of
the
hyperscalers
to
donate
that
infrastructure
to
us,
but.
A
C
Or
get
like
Linux
Foundation
has
Ops
people,
so
we
would
then
Pro.
We
could
either
hire
an
SRE.
You
know
leverage
something
like
Alpha
and
Omega
starting
a
help
desk.
C
B
C
A
Kind
of
it's
kind
of
so
I
imagine
a
ticketing
system,
that's
built
with
incident
handling
and
coordination
in
mind.
It
does
not
have
any
like
scripting
features.
It
does
not
have
any
sock
monitoring
features.
It
really
is
just
about
like
a
billboard
where
you
know
you
start
as
an
issue
which
is
an
incident,
and
then
you
can
attach
some
artifacts
upload
some
documents
and
then
you
can
add
contributors
to
it
with,
like
you
know,
build
Communications
of
sorts.
It's.
C
A
C
Yeah
and
it
it
basically
is
a
centralized
place
that
reporters
can
go
to
to
report
an
issue
and
then
you
know
tag
in
the
system
like
if
they
need
certain
CC's
coordination
assistance
and
then,
once
you
have
an
incident
you're
able
to
manage
the
scope.
So
it's
all
private
and
you
can
add
in
people
as
they
have
need
to
know,
or
you
know
they
need
to
be
involved
in
the
disclosure.
B
C
C
Yeah
yeah
exactly
it
is
a
Communications
Channel,
and
that
might
be
something
again
that
we
should
put
things
like
that
as
well.
Francis,
like
signal
and
key
base
in
our
tool
list,
can.
B
B
B
B
Yeah
and
you
see
if
I
actually
I've
actually
shown
this
the
Search
Skeleton
Gen
2
and
it
turned
into
one
of
those
things
about
like
gen
2's
opinion
of
Linux
Foundation
is
not
great,
just
leave
it
at
that
kind
of
like.
Why
do
you
like?
What
is
your
point
like?
What
do
you?
What
do
you
do
and
it's
like
I,
try
to
explain,
but
then
it's
like
no
feedback,
so
yeah.
B
A
But
yeah
two
robs
like
two
crops
point
we
will
need
to
be
somewhat
very
open
in
whatever
panel
like
email
is
the
default
I
guess
for
like
most
now,
but
even
then
we
you
know
we
have
to
expect
that
some
folks
will
be
like.
Oh
no
I'm
only
communicating
to
you
folks
with
like
pgp
or
secure
channels
and
we'll
have
to
say
Okay
bye,
but
up
to
some
extent
I
like
we
should
have
some
preferences.
A
B
A
C
Yeah,
you
know,
potentially
we
get.
We
ask
Vince
for
a
module
on
CVSs
scoring
or.
C
Yeah
and
that's
why
I
want
to
if
we
want
done,
I
want
to
hire
our
own
people.
Okay,.
A
C
A
A
C
A
A
C
A
It
I
will
put
Randall's
name
next
to
things
in
between
now
and
two
weeks
time.
I
will
have
a
look
at
Vince,
see
how
easy
it
is
to
run
their
own
instance
in
whatever
Cloud
bucket
thing
crowbe.
If
you
could
I'm
going
to
write.
B
B
A
I,
put
you
up
for
asking
the
board
about
Cloud
credits
so
that
we
can
like
see
what
it
is
like
do
we
have
Azure,
do
we
have
like
Amazon?
Do
we
have
clouds
I'm?
Sorry,
it's.
C
C
C
You
know
if
we
had
a
alternate
preference.
We
can
express
that,
but
Azure
is
typically
where,
when
someone
needs
Cloud
compute
resources,
that's
where
it
gets
fobbed
and
that
would
be
a
request
of
attack.
C
We
could
put
it
in
the
plan,
but
basically
there's
a
process
where
I
would
do
a
proposal
to
the
attack.
I
need
x,
amount
of
credits
for
this
service
and
here's
what
it
does
and
they
they
have
the
authority
to
approve
kind
of
small.
A
B
A
A
A
B
A
A
B
A
B
B
A
B
B
A
If,
if
you're
comfortable
playing
around
with
that
that'd
be
awesome,.
B
B
B
C
B
C
B
B
Of
something
like
that,
it's
supposed
to
be
open
source,
I,
believe
I,
believe
Cole
Kennedy,
which
is
supposed
to
be
in
the
foundation,
he's
been
around
and
made
it
I,
don't
know
him
or
anything.
It's
just
one
of
those
things
that
I
happen
to
know
a
lot
of
really
random
information.
A
A
I
will
I
just
realize.
I've
have
a
weird
habit
of
bracketing:
the
dots,
no.
B
A
So
that's
an
affection
item
for
two
weeks
for
like
a
volunteer
kind
of
thing,
I
would
like
us
to
not
had
not
add
more
on
our
plates
and
we'll
see
how
section
one
and
two
progress
on
those
things
so
Randall
you're
in
section
one
right.
Yes,
let
us
know
if
you
would
like
assistance,
because
as
you've
noticed,
there
might
be
some
free
Cycles
on
our
end,
until
section
one
and
two
actually
have
a
stronger.
Like
you
know,
positioning
agreed.