From YouTube: OSS-SIRT (November 1, 2022)
Description
About
The OSS-SIRT SIG (Open Source Software Security Incident Response Team Special Interest Group) is a group working within the OSSF's Vulnerability Disclosure Working Group that is focused on creating secure vulnerability management capabilities within the open source ecosystem to ensure effective coordinated vulnerability disclosure (CVD) practices.
GitHub Repo: https://github.com/ossf/SIRT
A
I guess, while we are waiting for folks to join. Let's.
A
How do we feel we want to use this meeting time in the very near future? We're very close to having the draft of the plan more or less shored up to pass up upwards for approval, so once that happens, and we start to move into execution mode, how do we want to leverage the full SIG time? Any thoughts or suggestions, beyond just kind of a readout?
C
I would say, if sure, things of that nature, feedback for stuff that needs people like stakeholder approval, because I think that we act as a stakeholder at this league. So.
A
Well, I think we'll be a ways away from, you know, being able to coordinate anything. I think the first bunch of months is going to be finding and installing tooling, writing process, and training.
C
I know that most of our focus is being volunteer based, so I know that I just feel like that. That would make a lot of sense if we had a time where we could all just kind of gather and make decisions, because I know there's a lot of things that kind of require at least the sections to work together.
A
We still could folk, we could transform those into, for example, someone that's interested in developing triage documentation, and then some other group might be working on that one page slick to engage maintainers, but another, another component of us could be thinking up ideas and trying to figure out a program on how to encourage volunteers.
C
Right, I would say, I would say that, yeah, the, the, the, all the issues that need collaboration between SIGs, I think that would be the best use of the time here, and maybe also reporting those groups that we're going to do. Group based activities, maybe a time where that or this time can be used for those groups to come back and kind of share what they got, somewhere like a show and tell. Mm-hmm.
B
Like if we do have eventually like proposals that I, that are enticing for the whole sake, for the whole, like a working group to work on or say, yeah, let's adopt and like change the format, but I would move to something less, like even less aggressive and bi-weekly. At this point because, like you said, it's kind of moved right now, we're waiting on a lot of approvals to go through and.
A
And maybe we become a little more disciplined and before we can have a, a stub agenda, and as people have things they want to share, they would put that in there, and if we didn't have any topics to discuss, we would not necessarily meet.
A
All right, I think, any other suggestions or comments on the kind of show and tell proposal, transforming this column or something like that, once we get the plan rolling?
A
Do we have any? We have Francis from section three and Randall from section one? We have any updates on anything, or do you need help from anyone from this group here?
C
I was telling probe also that I talked to, or got in touch to some, with some other cert teams that have some cert tooling that I put in your issue.
C
One is made, I think, by like a cert group in, in Latin America, Brazil, if I'm not mistaken, so it's, it was interesting because it seemed very official, if you know how to read Spanish. So yeah, yeah, but, but yeah, but so I did add those two for your consideration, and both of those seemed pretty open source or a pretty vendor agnostic, if you will. That's the word I was looking for.
A
I owe Francis a pull request on adding the cert program manager to section three, so I'll get details in there. So we have a stub to have somebody to help manage running the plan once it's in place and then to help with some of the facilitation for the SIG. Once it's up and going I'll do that today.
A
All right, we will adjourn at 11 after the hour. Thank you, everyone, for your time and attention. If you're working on, please take time this week to look at the three sections, provide any last thoughts or comments through PRs, so that we can get these wrapped up into the TAC and then the GB in the coming weeks. So thanks, everybody, enjoy the rest of your day.