►
From YouTube: SLSA Positioning Meeting (August 30, 2022)
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
Awesome
yeah,
sometimes
my
my
headphones
don't
like
to
switch
over
and
my
phone
is
driving
me
nuts,
so
I
need
to
mute
it.
Okay.
How
are
you
doing
today.
B
A
A
It
feels
like
a
Tuesday
today,
it's
been
pretty
muggy
outside
this
is
very
I.
Don't
know
depressing
is
not
the
right
word.
It's
just
meh,
because
it's
cloudy
and
whatnot,
oh.
A
A
Yay,
oh
I
cannot
hear
you
Mike.
B
C
C
A
Edit
edit
edit
edit
now
I
feel
bad
for
anyone
who's
hanging
out.
There.
A
A
A
Paste
unless
Mike
do
you
know
a
better
way
of
doing
this,
this
whole
creating
a
new
subset
for
the
meeting
notes.
C
Oh
so,
usually
like
so
one
of
the
ways
that
we've
done
it
in
the
past
is
either
in
a
separate
dock
or
in
the
bottom
of
this
dock,
or
something
like
that
is
to
just
sort
of
have
a
template
of
all
those
like
things
of
like
the
agenda
and
the
the
attendees.
And
so
you
just
copy
paste.
When
you
have
a
new
one,
yeah.
A
That
makes
sense,
I,
don't
think
I
have
that
in
here.
So
I
will
do
that
later.
I
appreciate
that
input.
Okay,
so
I
now
have
an
agenda
for
for
a
meeting
notes
agenda.
So
if
you
want
to
sign
in
you
can
zero
eight
30
and
I
will
share
okay.
So
what
would
you
all
like
to
do
or
work
on
today?
I
know
there
was
a
couple
of
things
from
last
time
and
I'm
trying
to
share
advanced
portion
of
my
screen.
A
A
Let's
see,
okay
should
be.
Oh
sorry,
G.
A
Yeah,
it's
been
a
while,
since
we've
had
rain
and
I'd
say
for
the
past
week,
we've
had
rain
almost
every
single
day
and
it's
not
like
sprinkle.
It's
like
downpour,
so
very
much
happy
about
it
because
it's
been
really
really
hot.
A
Well,
so
that's
anybody
else
like
to
to
share
anything.
It's
okay!
If
you
don't
I'm,
not
gonna
pressure,
anyone.
A
So
from
the
last
time
there
was
a
couple
of
things
one
was
Isaac
was
going
to
work
on
some
blogs
based
off
of
the
presentation.
He
did.
I
know
Mike,
you
mentioned
you
know,
Marina
spreadsheet
or
the
cncf
I
think
it
mapped
to
salsa
at
least
that's
the
intent
that
I
had
but
I
know,
I
wrote,
ssdf,
so
I
didn't
I,
don't
know.
If
that's
what
this
spreadsheet
is.
I
didn't
get
a
chance
to
look
at
it
and
then
the
charter,
oh
I,
really
want
to
get
that
done.
A
It's
it's
one
of
those
things
that
like
trying
to
pull
teeth
and
I
just
need
people
to
like
go.
Look
at
it
and
thumbs
up
or
thumbs
down
comment,
so
we
can
just
get
it
over
with
and
submit
it
for
a
PR
and
then
I
did
this
so
so
yeah
it
looks
like
taxonomy
and
the
mapping
really
is
about
the
only
things
that
we
we
have.
So
what
would
folks
on
the
phone
online?
What
do
you
want
to
work
on.
B
A
B
Mentioned
oh,
go
ahead:
I
was
just
going
to
mention
that
I
think
Marina
may
not
continue
I'm,
not
sure,
so
she
I
believe
she
was
an
intern
here
at
train
guard.
So
she
she
finished
her
internship
so
and
we
may
maybe
I'll
try
to
contact
her
or
if
we
want
to
try
to
contact
her.
C
Sure
I
can
do
that.
I
mean
I,
know
that
you're
still
involved
in
the
in
the
space
you've
been
doing
the
work
even
outside
of
the.
B
C
Internship
in
the
cncf,
at
least,
and
so
on
on
so
and
to
be
clear,
I
already
asked
her
like
hey.
Does
it
make
you
know,
can
I
can
I
go
and
send
this
over
to
the
salsa
folks,
so
that
we
can
look
at
this
and
and
start
you
know,
building
off
of
it
said
yes,
so
also
from
more
officially
on
the
cncf
side,
the
cncf
is
doing
a
like
a
mapping.
C
You
know
they
have
that
other
control
mapping
which
I
I
sent
out
in
the
it's,
the
salsa
mapping
to
other
Frameworks.
C
Sorry,
no
wait
not
that
one
hold
on.
There
was
another
document
which
I
thought
I
include:
oh
the
cncf
controls
catalog,
which
does
talk
through
some
of
this,
so
John
who's,
the
lead
on
that
one
and
I'm
gonna,
probably
butcher
his
last
name.
I
apologize.
A
C
So
that
one
is,
is
the
a
bit
of
the
more
official
sort
of
this?
Is
the
CNC
cncf's
controls
catalog
and
one
of
the
things
in
there
was
there
is
mappings
to
this
853.
The
idea
was
also
to
also
have
mappings
back
to
ssdf
and
potentially
other
sorts.
B
C
Control
Frameworks
and
those
sorts
of
things,
but
the
big
thing
that
here
was
that
John
also
wanted
to
and
he's
attended
a
couple
of
the
salsa
meetings.
I,
don't
know
if
he
has
the
ability
to
to
attend
if
he's
free
during
this
time,
but
I
know
that
he
wanted
to
kind
of
say
you
know
if
it's
something
a
bit
more
officially
like
hey,
how
is
the
cncf
mapping
to
salsa
then
he
would
definitely.
He
would
probably
take
that
one.
C
Just
because
he's
in
charge
of
he's
the
lead
on
the
cncf's
security
stuff
anyway,.
A
C
Yep,
sorry
so
I'll
type
it
here
in
chat,
okay,
okay,.
B
A
C
I
think
the
idea
would
be
to
try
and
do
both
so
one
of
the
ones.
So
one
of
the
specific
things
that
we
probably
want
to
do
long
term
is
probably
do
something
like
oscow
right,
because
oscow
allows
us
to
do
the
mapping
both
ways.
So
if
it's
like,
we
can
just
both
point
to
sort
of
one
document,
that's
kind
of
like
a
almost
like
a
you
know,
a
mapping
layer
actually
are
folks
familiar
with
oscow
nope.
Oh
anybody.
B
C
C
About
it,
oh
okay,
wasn't,
okay,
so
give
me
one
second
to
pull
this
up
so
yeah
and
I
don't
want
to
take
up
too
much
time
on
this
per
se,
but
give
me
one
second.
C
It's
essentially
like
a
imagine
if
you
could
kind
of
describe
controls
in
XML
or
Json
or
yaml
or
whatever,
and
as
a
way
of
for
for
a
way
of
like
interoperability,
between
controls
and
how
to
map
controls
to
other
controls
and
even
how
to
map
tools
to
controls
so
that,
if
a
tool,
you
know
has
some
sort
of
specification,
let's
say
somewhere
in
there,
something
like
an
oscow.xml
or
oscow.json,
they
can
say
hey.
We
support
these
controls
and
then
based
on
other
mappings.
C
You
can
say:
okay
well,
that
nist
control
that
they
support
maps
to
this
salsa
control
or
whatever.
So
that
means
we
can
kind
of
go
in
and
do
those
sorts
of
things
there
is
an
IBM
tool
around
this
called
trestles.
C
Oh
okay,
let
me
I
mean
yeah
I'm,
not
sure
on
that
front,
but
yeah
thank.
A
C
C
Let
me
just
go
in:
is
it
this
one?
No,
it's
not
that
one
yeah
here
we
go
so
the
the
basic
idea
behind
this
is.
C
Actually
hold
on
there's
there's
supposed
to
be
a
if
I
can't
they
might
have
changed
some
of
the
documents
around
key
Concepts
identifiers.
Do
they
have
the
yeah?
It
looks
like
they
changed
around
the
doc,
the
the
the
diagrams
and
stuff,
but
they
used
to
have
a
nice
little
diagram.
That
sort
of
showed
the
idea
was
people
could
write
up
their
controls
and,
like
so,
for
example,
nist
could
write
up
their
controls
and
they
actually
have
this.
B
C
Github,
so
what
they
have
here,
which
is
really
useful,
is
let
me
just
take
the
animal,
because
that's
a
little
bit
easier
to
read,
you
can
see
that
they
have
I'm,
just
gonna
take
a
little
while
there,
but
you
can
see
here
they
have
like
a
whole
sort
of
definition
of
this
thing,
and
so
the
idea
would
be.
This
can
be
viewed
as
a
spreadsheet.
This
can
be
viewed
as
you
can.
You
know.
C
Imagine
you
embed
this
in
some
sort
of
document,
whether
it's
markdown
or
whatever,
and
so,
if
it
changes
like
if
the
definition
of
a
thing
changes,
it's
just
a
link
to
the
definition,
as
opposed
to
like
a
direct
thing
where
you
know
the
idea
here
is
that
you
know,
especially
in
the
government.
You
know
there's
so
much
copy
pasted
stuff.
It's
like!
Oh,
yes,
we
implement
this
control,
which
has
this
definition,
and
so,
if
anything
ever
changes,
you
need
to
now
go
back
to
all
the
documents
where
you
cited
it
and
copy
paste
again.
C
C
So
if
somebody
comes
in
with
you
know,
if
there's
12
different
things
but
they're
all
in
oscow
and
there's
also
adequate
Pascal
mappings
between
them,
then
you
could
say:
well:
am
I
salsa
compliant
well,
I'm
salsa,
853
compliant,
and
they
have
these
mappings
and
it
automatically
will
tell
you
whether
or
not
you
would
be.
You
know
missed
853,
plus
salsa,
plus
whatever
else
yeah.
A
Yeah
no,
this
is
this
is
good
I've
not
seen
this
before
so
then
I
know
you
mentioned
IBM
Trestle,
but
I
I,
don't
know
anything
about
that
either
but
curious
about
how
do
we?
How
do
we
take
what
we
have,
which
is
a
Google,
spreadsheet
and
kind
of
format
it
in
this
way
or
use
this
tool
to
start
doing
that?
Because,
right
now
it
is
very
all
manually
written
where
we
say
this
is
part.
We
believe
that
this
control
and
missed
you
know
800
161
Maps,
this
also
level,
four,
three
whatever.
C
Good
question
so
I
know
one
of
the
the
big
issues,
because
I
haven't
done
a
whole
lot
with
oscow
since,
like
2017
2018.
C
time
frame,
I've
on
and
off
I've
kind
of
come
in
as
just
sort
of
an
end
user
of
the
thing.
I
believe
there
are
some
tools
to
help
out
here
that
could
potentially
take
something.
C
That's
like
in
like
a
Microsoft,
spreadsheet
kind
of
format
and
convert
it
into
sort
of
the
oscal
format
as
long
as
you're
using
generic
sorts
of
stuff,
like
I,
can
put
that
in
as
something
for
me
to
do
a
little
bit
of
research
on,
because
I
I
know
that
there
are
some
tools
today
that
help
out
with
this
there's
also
some
tools
that
probably
still
need
to
be
built
out
to
make
it
super
easy.
C
But
there
is
some
stuff
here
around
helping
do
do
some
of
that
and
since
salsa
I
think
is
also
going
to
be
a
little
bit
easier
right
because
salsa,
it's
only
like
a
you
know,
whatever
it
is
two
dozen
or
so
requirements
compared
to
hundreds
of
controls,
so
on
that
end,
I
think
can
totally
even
if
we
had
to
manually
write
up
the
yaml
or
Json
or
whatever
it
shouldn't
take
that
long,
but
yeah
I
can
definitely
do
that.
Conversion.
A
Okay,
yeah
I'm,
trying
to
find
the
I'll
give
you
the
link
it's
here.
It
is.
This
is
the
the
mapping
that
we
have
today
and
so
let
me
share
portion
of
my
screen
again
and.
A
Right
so
it's
very
much.
We
said:
okay,
this
control
or
this
subsection
of
this
control
and
what
it
said,
maps
to
this
right,
yep
and-
and
so
we
were
kind
of
doing
that
for
what
we
knew
and
how
we
interpreted
it.
But
obviously
this
is
not
long
term.
It's
not
sustainable!
Unless
there's
a
team
of
people
constantly
updating
this,
so
I
love
the
idea
of
using
something
like
oscow
to
have
pointers
so
that
we
we
don't
lose
the
reference
of
what
control
it's
trying
to
meet
or
satisfy.
D
And
just
a
point
and
just
a
point
of
a
a
Clarity
right.
So
if
you
use
an
oscow
and
make
it
automated
in
that
fashion,
should
sure
we'd
be
looking
at
like,
for
instance,
say
800-53
version
6
one
day
right
and
then
there's
a
whole
set
of
other
controls
that
that
get
get
get
implemented
or
put
in
it
would
mean
that
it
would
mean
that
all
it
gets
changed
in
one
place
and
it
gets
reflected
across
anywhere
that
that
piece
of
automation
has
been
implemented
right.
So.
C
D
D
C
Yeah
manually
do
but
but
I
I
believe
the
idea
is
like
it
would
be
significantly
simpler.
It
would
just
be
you
to
update
the
pointer
to
like
E6
or
whatever
from
V5,
and
then,
if,
like
largely
if
the
definitions
haven't
changed
between
the
two
versions,
The
Unique
identifier
should
be
the
same,
and
so
it
should
be
okay
there
and
then
yeah.
The
other
thing
that's
kind
of
neat
is
the
the
end
goal
would
be.
You
can
sort
of
say
this.
C
Like
you
know,
some
people
are
even
talking
about
certain
things
like
could
you
tag
in
your
let's
say
it's
an
open
source
project?
Could
you
tag
in
your
source
code?
This
piece
of
the
code
implements
this
piece
of
the
nist
800.
You
know.
53
control
or
this
tool
hits
those
things
so
that,
when
people
kind
of
go
back
and
say
great
I
need
you
know,
I
am
building
out
a
new
environment,
and
so
I
need
all
of
these
different
controls
implemented.
C
And
so
you
can
take
things
off
the
shelf
that
are
just
like:
okay,
well,
here's
their
mapping
to
what
they
actually
Implement
for
nist
controls
or
salsa
controls,
or
you
know,
even
the
the
new
one
that
you
you
showed
off
a
little
earlier
today
of
like
of
the
the
Microsoft
supply
chain
framework
of
like
hey.
If
these
things
are
done,
you
know
this
is
you
could
just
sort
of
say,
yep,
I'm,
doing
all
the
right
stuff.
D
Yeah,
so
so
that
I
mean
that
that's
pretty
man
that
that's
pretty
slick
that'll
also
help
you
they'll
help
prevent
a
little
bit
of
Technology
debt
later
on
right
and
it'll
also
help
you
help
you
help
you
help
prevent
over
overuse
of
a
a
of
tech.
You
know
tools
overuse
of
tooling
by
kind
of
helping.
You
streamline
a
little
bit
where
you,
where
your,
where
you're
putting
your
efforts
to
right,
you
can
take.
A
So
curious
Mike,
do
you
know
of
anyone
using
this
today
you
know
maybe
an
Enterprise
or
a
company
that
has
to
perform
these
kinds
of
mappings
I'm
just
curious.
C
Yeah,
so
when
I
was
at
mufg
a
large
Bank,
we
were
looking
at
that
a
few
other
companies.
I
remember
were
talking
about
this.
A
few
even
were
at
the
salsa
meetings
and
I'm
blanking
on
exactly
who
this
was
I'm.
Trying
to
remember.
C
C
The
mappings
of
nist
controls
across
various
agencies,
because
even
among
the
various
agencies
they're
like
oh,
we
Implement,
you
know
we,
we
sort
of
looked
at
this
control
slightly
differently
than
you
did.
But
if
you,
if
there
was
one
person
who
just
had
a
catalog
bullet
of
stuff,
then
you
could
just
go
and
say:
oh
great
I
could
just
pull
from
that
catalog
and
it'll.
C
Tell
me:
hey
here's,
for
example,
the
the
tools
that
meet
those
controls
or
here's,
how
other
organizations
with
underneath
the
sort
of
government
umbrella,
US,
Government
umbrella
I
should
say
have
has
done
this
now.
As
far
as
other
Enterprise
companies
like
I
do
know
that
some
very
large
Enterprise
companies,
especially
those
that
operate
with
you,
know,
do
business
with
the
government.
C
U.S
government
have
done
some
oscow
stuff,
a
few
folks,
I
remember
in
salsa
and
a
combo
and
some
of
the
other
open,
ssf
stuff
have
talked
about
doing
salt
talked
about
doing
oscal
in
the
past.
C
A
I,
don't
oh
yeah,
we
do
have
a
salsa
meeting,
Thursday,
okay,
yeah
yeah.
Let's
bring
it
up
there
because
it
would
be
good
to
know
if
there's
someone
that
can
help
us
just
kind
of
get
kick-started
if,
if
you're
not
or
if
you
have
trouble
or
aren't
able
to
I,
think
that
would
be
extremely
handy
and
I'm
curious
and
and
then
you
think
that
is
it
Joe
was
that
his
name
John
John
would
do
the
same
for
these
controls
or
no
yeah.
C
So
so
John
has
been
looking
at
oscow
as
well
and
like
essentially
converting
this
spreadsheet
into
an
oscow
catalog
and
then
doing
the
mappings
between
that
sort
of
thing.
I
should
ask
I
could
actually
reach
out
to
him,
even
as
we're
kind
of
talking
through
this
on
the
cncf
slack
and
see
what
what
the
current
status
is.
With
some
of
these
things.
A
Okay,
yeah
so
trying
to
write
a
few
notes,
but
yeah.
Thank
you
for
bringing
this
to
our
attention.
I
I
think
this
extremely
valuable
even
for
internal
use.
Just
thinking
I
was
like
oh
I've,
never
heard
of
this
thing.
It's
pretty
cool.
C
Go
ahead
well,
I
was
gonna,
say
what
I
will
say
is
I'm,
not
exactly
sure
the
status
of
tooling
for
oscow
I
know
that
there
is
a
thing
called
Trestle,
which
is
is
made
by
IBM
I'm,
not
super
familiar
with
it
outside
of
a
I
think
somebody
had
given
a
demo
in
one
of
the
working
groups,
whether
it
was
Salsa
or
the
supply
chain,
Integrity
working
group
or
one
of
the
ones
in
cncf,
it's
hard
to
keep
track,
but
I
do
know
that
they
have
the
idea.
C
Is
it
also
helps
with
the
generation
of
some
of
these
things
so
that
you
can
imagine
using
stuff
like
tagging
in
tooling?
That
maybe
says,
like
you
know
this
tool
implements
this
thing
and
then
the
output
of
your
CI
CD
would
be
a
report
like
an
oscow
compliant
XML
report
or
whatever
that
is
like
hip,
you've,
you've
hit.
You
know
these
salsa
requirements
or
whatever,
and
this
is
actually
something
that
was
being
discussed
as
part
of
the
salsa
conformance
work
and
to
be
clear.
C
This
also
conformance
stuff
is
still
very
like
introductory,
but
just
like
a
you
know,
the
open
ssf
wants
to
make
sure
that
if
salsa
becomes
a
thing
you
can
say
you
are,
you
know
self-certifying
yourself
as
salsa,
but
you
also
don't
want
to
go
in
and
just
allow
anybody
to
say
yep,
I'm
salsa
for
it
and
I'm
not
going
to
tell
you
any
proof,
and
then
you
know
that
could
potentially
you
know,
cause
issues
with
the
the
brand
of
salsa
right.
A
Yeah
correct,
correct,
okay,
so
a
couple
of
action
items
like
you
said
you
were
going
to
look
into
what
what
John
is
doing
reach
out.
A
A
A
A
So
we
have
the
the
charter
and
then
we
have
that's
it
all.
The
blogs
We
can
brainstorm
on
blogs
too.
If
there's
anything
other
than
what
Isaac
said,
he
would
work
on
or
the
taxonomy
thoughts.
D
So
may
I
say
we
want
to
get
the
chartered.
Then
I
mean
what
I
say:
let's
go
ahead
and
take
a
look
at
that
Charter
real,
quick,
y'all
follow.
This
is
just
take
a
look
and
reviewing
I
know
I'm
sitting
in
there
now.
D
A
I
would
agree
too,
but
I'm
biased,
so
any
a
Gilbert
or
Jason.
B
B
I,
just
don't
I,
don't
want
to
deviate
from
what
you
guys
already
done.
I
do.
My
only
suggestion
is:
I
saw
the
chart
with
the
mappings
from
the
cncf
I'm
familiar
with
federamp
I'm,
familiar
with
CIS
benchmarks.
The
mapping
can
be
very
hard,
I'll
call
it
and
and
very
I'll
call
it
spread.
So
can
we
maybe
focusing
on
one
area?
First,
yes,.
A
A
Definitely
yeah:
we
we
started
with
the
ssdf
with
Brandon
lum
a
couple
folks
from
Red,
Hat
and
I
think
I
think
Jason.
You
were
part
of
some
of
that
yeah.
A
Of
it
yeah
so
yeah,
we
we
started
doing
the
ssdf
and
then
you
know,
as
we
had
time,
we
expanded
to
the
others,
but
definitely
I
think
in
order
for
us
to
make
any
any
progress,
we
should
focus
on
one
and
move
on
to
the
next,
or
maybe
we
to
do
two
in
parallel,
but
yeah
I
I
would
agree
with
that
assessment.
A
B
I
do
have
to
drop,
but
yeah.
The
charter
probably
seems
like
we
can
knock
that
out
until
we
get
a
large
enough
group
to
split
up
kind
of
the
mappings,
but
yep
I
do
have
good
jobs,
Melba
I'll,
you
know
stay
in
touch
with
you.
Let
me
know
if,
where
I
can
help,
I
just
I
wanted
to
at
least.
A
Yeah
just
look
at
the
charter,
it's
just
you
know
what
we
are
trying
to
accomplish
like
you
know
what
our
mission
is
and
vision
Etc
and
how
we're
going
to
accomplish
it.
So
you
know,
as
you
go
through
the
different
section,
there's
like
a
review
if
you
put
a
thumbs
up
thumbs
down
or
like
a
mediocre
right
and
we
can
address
the
the
concerns
or
comments,
and
so
that
way
we
can
finalize
it
and
just
publish
it.
A
So
I
know
Mike
you,
you
did
a
couple
of
these
and
since
I
only
have
Jay
now
on
on
on
the
call
left
from
I'm.
D
Trying
to
I'm
trying
to
mimic
you
guys
as
your
your
thumbs
up
here
with
it
I'm
I'm,
having
a
damn
this
time,
I'm
trying
to
mimic
the
thumbs
up.
Okay
here
it
looks
cool
I
want
to
do
some
cool
stuff
here.
A
If
you
agree
with
that,
you
can
keep
on
I.
Actually,
don't
know
how
to
do
this.
I
copied
it
from
Josh's
document.
He
did
it
for
something
else
and
like
Emmy
had
dinned
like
a
mediocre
I'm
like
oh
I,
want
that
one.
So
I
could
just
copied
herself.
A
A
Do
it
I
I,
don't
unless
Mike
knows
how
to
do
it,
I
just
copied
and
pasted
from
another
document
that
did
it
like?
How
do
you
do
that
in
a
document?
Does
it
know
oh
insert
Emoji
reaction
there?
It
goes
you
right.
Click.
D
A
D
A
Yeah
I
tried
to
find
a
different
phrase
for
lingua
Franca,
because
that's
what
the
original
Vision
Vision
or
slash
mission
that
Josh
and
team
put
so
I
was
like
well
link
of
Frank
Franca
I.
Don't
think
a
lot
of
people
know
so,
but
a
lot
of
people
understand
golden
standard
as,
like
you
know,
that's
the
high
like
it's
held
highest.
But
if
there's
another
phrase
by
all
means
we
can
change
that.
A
C
A
C
A
D
But
is
is
that
is
that
the
is
that
the
the
the
ultimate
goal-
I
I,
thought,
I
thought
in
some
respect,
just
what
what
was
the
desire
was
to
be
adopted
as
either
in
preparation
of
compliance
or
as
the
standard
for
supply
chain
security.
Compliance
right
are
wrong.
A
Yeah,
so
why
did
adoption
recognition?
We
could
expand
this
to
I'm
trying
to
find
the
original
there's
like
a
Sig
Charter
cig
AR
there.
It
is
nope,
that's
not
it!
That's
ours,
cool.
A
Nope
I
can't
remember
no
I
can't
remember
where
Josh
is
original,
one
is,
but
it
was
something
of
the
sort
of
I
can
find
it.
It's
sad
obtain
I
think
it
was
like
recognition
or
or
adoption
for
public
private
sectors
as
the
lingua
Franca
for
supply
chain
security.
It
was
that
easy
of
a
sentence.
So
if
we
want
to
expand
it
I'm
more
than
happy
to
do
that,
because
it
was
as
part
of
the
strategy,
it
is
to,
you
know,
help
them
understand
how
to
use
it
for
their
supply
chain.
A
I
think
it's
also
trying
to
be
kind
of
like
the
iso
or
the
sock
or
HIPAA
right.
It
is
the
standard
that
you
want
to
go
for,
am
I
wrong
and
that
Mike.
C
Yeah
I
mean
I
think
that
there's
still
some
debate
exactly
on
the
complete
scope
of
of
it,
like
largely
that's
kind
of
the
the
ideal
is
for
sort
of
when
thinking
about
the
production
of
software
yeah.
This
should
be
the
the
gold
standard
for
producing
software
and
then
yeah
that
that's
that's
pretty
much
it
and
the
right
now.
The
the
big
thing
based
on
the
specification
and
everything
else
is
just
like
we're
currently
focused
on
stuff,
like
provenance,
which
has
been
missing
from
even
like
other
pictures
that
are
out
there.
D
Yeah,
you
know
my
kid
to
nail
on
the
head
and
and
Melba's
sitting
here,
adding
that
now,
but
yeah
I
think
I.
Think
that
part
is
the
part.
D
That's
probably
missing
I
mean
we
can
either
have
golden
standard
or
just
flat
out,
say
lingua
Franca
I
mean
we
I,
don't
know
if
we
need
to
say
golden
stand,
I
think
lingua
Franca,
that
as
a
as
a
language
fragrant
for
producing
software
and
supply
chain
security,
I
think
you
know
just
to
have
and
having
it
having
it
like
that,
because
I
like
that,
one
sentence
that
you
had
that
you
have
enough
with
that.
That
was
clear
and
concise,
but
then
having
what
Mike
said
about
you
know
producing
producing
software.
A
Okay,
let's
see
any
any
okay,
so
it
looks
like
you
yeah.
This
is
just
a
direct
copy
and
paste,
so
that
was
per
trying
to
remember
his
name.
A
I
I
visualize
his
face
I
can't
remember
who
who
recommended
that
the
the
name
it's
escaping
me
right
now,
okay,
evaluate
this
is
kind
of
what
we've
been
talking
about
and
we
we
talked
about
it
in
the
GitHub
issue
or
what
is
the
criteria?
I
think
I
think
you
both
were
part
of
that
discussion.
Right,
should
salsa
increase
or
decrease
their
scope?
A
You
know
how
does
it
work
with
other
Frameworks?
Is
there
an
overlap?
Are
there
deficiencies
or
out
of
scope,
I
guess
items
in
salsa
with
relation
to
other
Frameworks?
Are
there
use
cases
personas
to
address
that
were
not
considered,
and
then
you
know
just
a
it
talks
about
like
well,
how
are
you
going
to
do
this
right
like
well,
you
can
use
any
sort
of
medium
I
say:
may
it's
not?
You
know
required.
D
Yeah
I,
remember:
I.
Remember
these
I
think
we
for
the
most
part
we
we
sell
them
on
some
of
these
in
the.
A
D
D
A
Right
right
so
so
yeah
it
was
edu,
it
was
educate
and
evangelize
and
actually
I
evangelize
was
empty
and.
A
This
is
what
salsa
is
what
salsa
isn't
and
evangelizing
is
a
little
different,
it's
more
of
like
you
know,
like
a
promotion,
a
commercial
or
something
of
the
sort
right.
So
if
there's
too
much
overlap,
we
can
definitely
go.
Oh
I
see
a
hand
up.
Sorry,
I
was
not
paying
attention.
I,
don't
know
how
long
you've
had
your
hand
up
Brandon.
Thank
you
for
joining.
A
D
Oh,
he
wants
to
link
to
the
dock
again
he's.
Then
he
saw
another
Mike
yeah.
C
Just
put
his
hand
up,
but
yeah
I'm
curious
seems
like
up
his
Zoom
just
died.
He
just
he
messaged
me.
He
just
had
to
zoom
died,
he'll
be
back
in
a
second
okay.
A
Okay,
yeah
sorry
I
was
I
was
not
paying
attention
to
the
to
the
little
thing,
because
I
thought
it
was
just
the
three
of
us.
He
didn't
even
do
a
thing
normally,
wouldn't
it
notify
when
somebody
knew
comes
in
no
I.
Guess
not
you.
B
Hear
me
yeah
I
can
hear
you
now.
Okay,
sorry.
B
Our
resource,
I
I,
would
just
I
think
sofa
interpreting.
This
is
good.
That's
just
really
nutrient
I'm
I'm
wondering
whether
the
education
evangelize
aspect
of
it
I
wasn't
sure
whether
there
was
going
to
be
like
a
salsa
adoption,
sick
or
something
like
that.
I
feel
like
these
are
usually
like
a
little
bit
of
a
separate
exercise.
A
You
know
that's
a
good
point,
because
we
don't
have
an
adoption
one
right
now
and
I'm
trying
to
find
Josh's
Google
doc,
where
the
sigs
were
originally
defined.
If
you
have
that
link
by
all
means,
please
please
post
it,
because
I
can't
find
it
right
now.
C
I'll
I'll
bring
it
up
in
a
second
okay.
Thank
you.
A
Because
we
would
want
to
educate
on
our
findings,
like
hey
here's,
how
it
maps
to
this,
how
it
maps
to
that!
This
is
how
you,
like
your
positioning,
how
salsa
can
be
used,
but
evangelize
very
well,
maybe
more
in
the
adoption
of
the
tools.
Maybe
you
know
social
media
posts
Etc!
Oh,
thank
you
Mike!
C
Is
it
yep
so
so
yeah
there
there
was
an
adoption
working
group
where
the
idea
would
be
eventually
right
to
do
this
and
so
I
think
the
thing
is
we
sort
of
split
up
some
of
the
components
of
adoption
between
the
teams
until
the
specification,
tooling
and
positioning
is
a
little
bit
more
refined
because
once
that's
more
refined,
then
we
know
hey.
Here
is
the
vision
you
know
here
is
like
not
just
the
vision,
but
here
is
the
very
clear
thing
that
we're
doing
for
1.0.
Now,
let's
drive
adoption
of
that.
C
It's
just
the
problem
that
we
had
is
like.
We
didn't
want
to
start
driving
adoption.
While
we
still
had
some
open
questions
on
certain
requirements
and
these
other
things,
because
then
it's
just
going
to
cause
people
to
get
very
confused
and
be
like
hey.
This
seems
half-baked
as
opposed
to
you
know.
No,
no!
C
It's
just
we're
figuring
out
some
of
the
details,
so
the
idea
was
probably
sometime
next
month,
maybe
even
to
start
to
spin
up
the
adoption
but
as
as
an
example
like
this
is
still
an
open
question
where
we
probably
should,
in
the
very
least
I
would
say
that
the
positioning
group
is
not
necessarily
responsible
for
evangelizing,
but
maybe
responsible
for
setting
up
the
evangelizing
initially
so
that
when
the
adoption
team
is
gets
spun
off,
it's
going
to
be
super
easy
or
whatever.
Maybe
but
I
know
like
the
tooling
meeting.
C
For
example,
one
of
the
things
that
we
had
in
there
is
potentially
something
like
also
documentation
right
because,
like
you
know
really,
that's
the
adoption
side
is
like
hey
you.
You
write
up
the
docs.
You
show
some
examples,
but
given
that
that
doesn't
currently
exist,
like
the
adoption
thing
doesn't
quite
exist,
maybe
we
do
a
little
bit
of
it
in
the
tooling
meeting.
B
Yeah
I,
I
I
think
it's,
maybe
you
as
well
like
putting
together
the
chat
up
for
this
like
I,
think
it's
fine
that
we
pick
up
some
of
the
adoptions
up,
but
maybe
we
should
be
a
little
bit
more
intentional.
Oh.
A
Yeah
yeah,
no
I
I,
agree
yeah
and
I'm
looking
at
the
original,
and
it
looks
like
it's
heavily
dependent
on
tooling
someone
and
then
postpone
this
until
a
future
roadmap
cycle
top
projects
package
manager.
So
this
almost
sounds
like
using
sulfa
tooling,
but
we
might
want
to
clarify
you
know.
Would
we
want
to
push
once
this
team
is
set
up?
Would
we
want
to
push
some
of
the
evangelism
into
the
adoption
space
because
the
way
it's
written
right
now
it
doesn't
look
like
it.
A
But
let
me
go
back
here.
Nope,
not
here
here.
D
That
largely
depends
on
what
what
the
adoption
with
the
adoption
thing
scope
is
right,
I
mean,
is
it
I
mean?
Is
it?
Is
it
towards
adopting
any
any
tooling
that
that
gets
created
specifically
for
for
salsa?
Or
is
it
because,
because
I
I
say
depend
on
tooling
and
I?
Don't
necessarily
I,
don't
know
that
I
necessarily
disagree
with
that
right.
I
mean
I.
D
Think
it
crossed
a
lot
of
these
Frameworks,
making
sure
that
you
that
the
tools
that
are
being
used
and
that
you
have
a
right
reference,
implementation
implementation,
then
of
course,
some
type
of
a
reference
architecture
around
each
around
the
tools
for
the
reference
implementation
of
the
framework.
D
With
respect
to
the
tools,
then
you
can
begin
to
evangelize
adoption
at
each
level,
so
I
I,
so
I
I.
Don't
necessarily
disagree
with
that,
but
I
wonder
about
scoping
of
the
of
the
adoption
sake
in
with
regards
to
to
the
evangelizing
portion
of
of
positioning.
A
Yeah
yeah
I
was
trying
to
figure
that
out
too
because
I
know
Mike.
There
was
that
blog
that
just
went
out
recently
and
I
missed
it
in
the
the
chat
like
completely
didn't,
even
see
it
and
I
literally
posted
something
right
after
and
I
didn't
see
it,
and
so
then
it
dawned
on
me
I'm
like
wait.
A
Because
you
are
trying
to
position
salsa
in
a
good
light
and
how
to
use
it,
and,
and
you
know
what
tools
are
available
Etc
so
would
it
be
appropriate
to
funnel
the
blogs
to
you
know
one
of
these
two,
and
that
was
some
that
thought
that
came
across
my
mind
yesterday
and
I'm
not
sure
what
the
answer
is
right,
but
blogging
is
evangelism
positioning
educating,
so
I
I
was
thinking
about
that
last
night.
Trying
to
understand
what
you
know.
A
Maybe
we
need
to
ask
about
that
as
well,
and
the
in
the
meeting
on
Thursday.
B
Yeah
I
I
think
it's
like
kind
of,
at
least
if,
while
I
see
you,
for
example,
SPX
right
I,
think
initially
all
the
groups
are
kind
of
bringing
a
little
bit
of
this
right.
But
then,
once
it
started
to
scale,
then
you
kind
of
need
a
dedicated
groups
to
concentrate
on.
Like
oh,
you
know,
what's
the
messaging
of
the
thought
pose,
is
it
I'm
getting
the
right
target
audience
and
then
they
they
also
I,
believe
have
a
and
then
there
will
be
a
sick
for
Education
as
well,
which
is
like
okay.
B
Once
a
positioning
group
creates
a
point
of
view
and
of
like
a
top
leadership,
then
it's
about
creating
training,
materials,
training,
training,
training
courses,
I
develop,
develop
a
certification
and
stuff
like
that,
at
least.
That's
that's,
I!
Think,
the
broader!
That's!
Why
I
see
a
program
for
education
and
evangelism
yeah.
A
Yeah
yeah,
and
that
makes
sense
I'm
trying
to
think.
Oh,
so
we're
wait
where,
where
was
that?
Where
is
it
educate
event?
So
educate
I
wrote
about
use
cases,
anything
that's
out
of
scope
right,
educating
Brandon!
This
came
from
your
example
of
working
with
nist
as
an
example
to
figure
out
how
salsa
fits
and,
and
it's
complementary
sort
of
to
to.
A
Not
maybe
not
complementary
is
the
right
word,
but
it
can
help
satisfy
some
of
the
controls
that
they
have
in
ssdf
as
an
example-
and
you
know
how
to
leverage
Tulsa
in
terms
of
community
and
so
evangelize
should
be
something
similar.
A
The
only
thing
I
put
here
was
highlight
the
benefits
that
can
be
gained
and
maybe
that
that's
the
key
is
it
benefits
it's
too
vague
because
I
when
I
was
writing.
This
I
was
thinking
in
terms
of
like
you,
you
can
meet
these
controls
and
you
know
you
can
ensure.
You
know
your
software.
Your
production
of
software
is
not
unsure,
but
you
know
you
can
be
at
least
to
a
higher
degree
of
certainty
that
your
software
is
more
secure
by
using
salsa
and
so
I
don't
know.
B
C
B
B
I
guess
the
question
is
like
is
as
a
positioning
working
group.
Are
we
just
creating
guidance
documents?
Are
we
also.
A
Yeah
and
yeah
I
think
it's
it's
definitely
to
educate
and
I'm
going
trying
to
go
back
to
Josh's
original
one
right
triangulation,
which
blah
blah
blah
blah,
and
so,
when
you're
doing
this,
in
my
in
my
mind,
please
feel
free
to
speak,
Jian
and
Mike.
You
would
want
to
educate
on
those
findings
right,
so
it
could
be
blogs.
A
It
could
be
documents,
it
could
be
LinkedIn
postings,
it
could
be
talking
about
it
in
conferences,
right
and
house
also
can
help
with
these
compliance
items,
at
least
in
my
mind,
and
so
I
tried
to
to
put
that
on
here.
Like
you
know,
open
ssf
meetings,
you
know,
maybe
social
media
accounts
conferences,
because
that's
what
we're
trying
to
do
is
to
educate
but
you're,
also
evangelizing.
At
that
same
point
and
I
know
I
had
a
question
for
the
group.
A
Is
this
too
similar
to
educate
that
we
can
get
rid
of
it
and
that
part
I
was
just
you
know,
educating.
D
A
D
Well,
because
I
because
I
think
I
think
at
least
in
the
beginning,
they
they
both
they
both
are
almost
one
and
the
same
I.
Think
in
the
beginning,
to
evangelize
this
to
educate,
to
educate,
is
to
evangelize,
right
and
but
I
think
once
it
becomes
once
once
we
reach
Apex
right
of
of
becoming
the
the
language
Franca.
D
Then
then
the
education
portion
now
lives
with
with
its
with
stand
with
standards,
with
the
published
consumable,
standardization
of
of
some
type
of
document
or
some
type
of
a
reference
implementation
and
now
you're
evangelizing.
D
It's
success
across
the
industry
right
those
things
become
a
little
bit
more
separate
as
we
as
we
begin
to
achieve
it's
it's
it's
recognition
and
in
its
adoption,
but
I
think
I.
Think
at
this
current
stage,
they're
both
they're,
both
one
and
the
same
okay.
A
A
D
I
I
I
think
you
may
I
think
it
may
require
also
an
additional
line
that
that
speaks
to
future
State,
because
this
is
the
charter
right,
so
so
the
less
the
less
we
have
to
touch
it
after
the
fact,
the
better.
So
if
we
have
a
line
in
the
charter
that
that
speaks
to
Future
States
of
of
the
of
the
distance
of
the
distancing
between
education
and
evangelizing
as
adoption.
A
D
And
and
as
adoption
and
recognition
increases,
then
we
then
you
know
somebody
might
say,
maybe
a
couple
of
years
down
the
road
hey.
We
haven't
looked
at
the
charter
for
a
while,
I
think
we're
at
this
point.
We
may
be
able
to
just
separate
these
two
out
and
and
then
you
can
have
that
discussion
then,
but
the
charter
still
is
is
relevant
because
we
have
that
one
line
in
there
that
speaks
to
that
speaks
to
the
fact
that
we've
already
thought
about
what
this
is
going
to
become
later
on.
Yeah.
A
It
makes
sense:
okay,
so
I
put
that
there
gonna
have
to
figure
out
how
to
squeeze
this
in
here
in
a
nicer
way,
because
right
now
it
doesn't
quite
make
sense.
Okay,
so
then
I'm
gonna
scratch
this
out
and
try
to
combine
it
up
top
and
I
know
we
are
very
close
yeah.
Well
it's
on
the
dot.
Then
there's
encourage
obviously
trying
to
get
other
people
to
participate
right
for
for
different
reasons.
Right,
diverse
perspectives
brings
new
ideas,
potential
potentially.
D
I'm
here
to
tell
you,
after
the
meeting
that
Mike,
the
Michael
and
I
were
just
in
I,
get
to
feeling
that
participation,
especially
here,
is
going
to
increase
just
a
little
bit
more
well.
I
I
got
I
got
some
cooking
I
got
I
got
I
got
a
bun.
D
A
Good
good
I,
don't
know
what
meeting
that
was,
but
good
that
that's
good
to
hear
I'm
all
for
it.
So
yeah,
if
you
can,
if
everyone
can
just
look
at
the
rest
of
it,
the
the
encourage
operating
goals
and
Leadership
accountability,
I
think
that
the
other
ones
are
pretty
straightforward.
A
It
was
just
this
educated,
evangelize
was,
and
I
could
probably
do
something
like
this
in
July
just
for
now,
but
okay.
Well,
thanks
everyone
for
joining
appreciate
the
feedback.
The
insights
definitely
Mike
on
that
Moscow.
Let
us
know
what
you
find
and
we
will
meet
again
soon:
cool,
okay
thanks.
Everyone
have
a
good
day.