

Subject: Raw chat trace of meeting #6 on 2017-NOV-08


http://webconf.soaphub.org/conf/room/sarif
Meeting Audio

https://meet.lync.com/microsoft/mikefan/NM85TFTL
1. Opening Activities

1.1 Opening comments (Co-Chair Keaton)
1.2 Introduction of participants/roll call (Co-Chair Cartey)
1.3 Procedures for this meeting (Co-Chair Keaton)
1.4 Approval of agenda (Co-Chair Keaton)
1.5 Approval of previous minutes [Minutes of 2017-10-25 Meeting#5] (Co-Chair Keaton)
1.6 Review of action items and resolutions (Secretary Hagen)
1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
2. Future Meetings

2.1 Future meeting schedule (Co-Chair Keaton)
Teleconferences (Wednesdays at 09:30 PST / 17:30 UTC):
November 29
December 13
January 10
Face-to-face meeting
January 22-23 (tentative)
3. Introduction and presentation of Tools Output Integration Framework (TOIF) (Nick Mansourov)

4. Clarification of workflow for approving changes to spec language (Co-Editor Golding)

5. Resolution of github issues (Co-Editor Fanning)

5.1 Announcements
5.1.1 Rule help property [#27] is ready for spec language review
5.1.2 Namespaced tags [#56] is ready for spec language review
5.2 Resolve items discussed at previous meeting
5.2.1 Should we allow formatting in messages? [#33, #57, #61]
5.2.2 Consider adding 'rank' or 'probability' property [#58]
5.3 Should the result object support graph information? [#46]
5.4 Consider restructuring SARIF to be location, not results-focused [#55]
5.5 Consider a tool validation or 'selectivity' annotation [#59]
6. Other Business

7. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)

7.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
7.2 Review of Decisions Reached (Secretary Hagen)
7.3 Review of Action Items (Secretary Hagen)
8. Next Meeting

November 29, 2017 / 09:30-11:30 PST / 17:30-19:30 UTC
9. Adjournment
[18:41] Stefan Hagen: Michael moves to approve the agenda. Larry seconds. No discussion. No objections. Agenda approved.
[18:41] Stefan Hagen: 1.5 Approval of previous minutes [Minutes of 2017-10-25 Meeting#5] (Co-Chair Keaton)
[18:42] Stefan Hagen: Michael moves to approve, Larry seconds.
[18:42] Hendrik Buchwald: Okay, now it works, thanks
[18:43] Stefan Hagen: No objections. Minutes are approved
[18:44] Stefan Hagen: 1.6 Review of action items and resolutions (Secretary Hagen)
[18:44] Stefan Hagen: Not aware of any results ready. Stefan, Larry and Michael
[18:44] Stefan Hagen: 1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
[18:44] Stefan Hagen: One new member Hendrik
[18:45] Stefan Hagen: Vamshi has regained voting right after the meeting
[18:45] Stefan Hagen: if Kevin does not join before end, he will lose voting rights after this meeting
[18:46] Stefan Hagen: 2. Future Meetings

2.1 Future meeting schedule (Co-Chair Keaton)
Teleconferences (Wednesdays at 09:30 PST / 17:30 UTC):
November 29
December 13
January 10
Face-to-face meeting
January 22-23 (tentative)
[18:47] Stefan Hagen: Members can always speak
[18:48] Stefan Hagen: 3. Introduction and presentation of Tools Output Integration Framework (TOIF) (Nick Mansourov)
[18:49] Stefan Hagen: Nikolai walks all through a shared presentation and will provide the file for later storage / archiving on ASIS systems
[19:34] Stefan Hagen: All thank Nikolai
[19:35] Stefan Hagen: An action item on Nikolai to provide the slides
[19:35] Stefan Hagen: 4. Clarification of workflow for approving changes to spec language (Co-Editor Golding)
[19:35] Laurence Golding: https://github.com/oasis-tcs/sarif-spec/issues/67
[19:36] Laurence Golding: https://github.com/oasis-tcs/sarif-spec/pull/68/files
[19:42] Stefan Hagen: All discuss these two items and if and how we shall vote or approve.
[19:45] Stefan Hagen: Motion to change the process by Larry, seconded by Michael
[19:46] Stefan Hagen: No discussion, no objection; adopted
[19:46] Stefan Hagen: 5. Resolution of github issues (Co-Editor Fanning)

5.1 Announcements

[19:47] Stefan Hagen: Larry summarizes
[19:47] Stefan Hagen: 3.1 Announcements
  3.1.1 Rule help property https://github.com/oasis-tcs/sarif-spec/issues/27 #27 is ready for spec language review
  3.1.2 Namespaced tags https://github.com/oasis-tcs/sarif-spec/issues/56 #56 is ready for spec language review
[19:48] Stefan Hagen: CWE as example motivate #27 and #56 proposals ready for spec language review
[19:49] Stefan Hagen: Another issue fits nicely here, brought up by Larry and welcomed by TC
[19:50] Stefan Hagen: https://github.com/oasis-tcs/sarif-spec/issues/25/
[19:50] Stefan Hagen: Larry kindly asks for reviewing all there for next meeting
[19:51] Stefan Hagen: 3.2 Resolve items discussed at previous meeting
  3.2.1 Should we allow formatting in messages?
   - #33 - https://github.com/oasis-tcs/sarif-spec/issues/33
   - #57 - https://github.com/oasis-tcs/sarif-spec/issues/57
   - #61 - https://github.com/oasis-tcs/sarif-spec/issues/61
[19:51] Stefan Hagen: Starting with #61
[19:54] Laurence Golding: Here are the issues whose spec language will review next week:

Issue: https://github.com/oasis-tcs/sarif-spec/issues/25
PLEASE READ the discussion thread in the issue.
Change draft: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/sarif-v1.0-issue-25-message-formattedRuleMessage.docx

Issue: https://github.com/oasis-tcs/sarif-spec/issues/27
Change draft: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/sarif-v1.0-issue-27-rule-help.docx

Issue: https://github.com/oasis-tcs/sarif-spec/issues/56
Change draft: https://github.com/oasis-tcs/sarif-spec/blob/master/Documents/ChangeDrafts/sarif-v1.0-issue-56-namespaced-tags-with-metadata.docx
[19:59] Stefan Hagen: Paul is in the SpeakerQueue
[20:00] Stefan Hagen: Larry suggests, he sends a mail to the group, that includes two sample fragments showing the competing suggestions clarifying which one was Jim's suggestion
[20:00] Stefan Hagen: SpeakerQueue empty
[20:02] Stefan Hagen: Paul describes what their tool relies on w.r.t. formatting of messages / elements used etc.
[20:02] Michael C. Fanning: we are now discussing https://github.com/oasis-tcs/sarif-spec/issues/33
[20:03] Stefan Hagen: Yekaterina shortly describes her contribution to the discussion in the issue (a screenshot and a link where people can inspect online)
[20:04] Stefan Hagen: Laurence entered the SpeakerQueue
[20:04] Stefan Hagen: Laurence noted a strong similarity between the two samples posted
[20:06] Stefan Hagen: Laurence thinks some more regions of the structures possible, should additionally be documented in use - he knows of some sophisticated tools that do - so we have more coverage before deciding
[20:09] Stefan Hagen: Sorry, Note on similarity and missing coverage was from Michael (voice detection of scribe still fable)
[20:10] Stefan Hagen: Laurence suggests to in any case focus on the restriction, as we already narrowed down in discussion on some restriction on markdown, but in any case implementers will require to create parsers for a custom format which will not be great for adoption, so are we all conscious of the possible impact on adoption?
[20:12] Stefan Hagen: Michael welcomes the thought direction of first identifying a base among the group but then again think about impact on secondary dimensions. He suggests to continue, but then let the ecosystem decide how to proceed. If we only use a subset, anyone supporting markdown today, would they have to support a second parallel way to integrate SARIF?
[20:13] Stefan Hagen: Paul and Laurence in SpeakerQueue - Paul has the floor
[20:14] Stefan Hagen: Paul notes, that we should conclude on what we expect from the consumers to render what in how far: is a newline rendered or ...? We have to describe the expectations, so that implementers can offer similar experiences / renderings
[20:15] Stefan Hagen: Michael agrees with that and proposes we build a foundational consensus here from that concept
[20:15] Stefan Hagen: Laurence has the floor
[20:16] Stefan Hagen: Laurence on question on encoding, he thinks it is not a problem, as JSON is to be encoded in UTF-8 or another 16-bit Unicode variant.
[20:17] Stefan Hagen: Laurence is in favour for mandating a format statement (markdown subset)
[20:19] Stefan Hagen: SpeakerQueue has Stefan and Luke
[20:20] Stefan Hagen: All discuss markdown and responsibility of input validation or constrained subset
[20:21] Stefan Hagen: Stefan suggests that encoding of JSON files might need future discussion, esp. when read from disk (file) or received over wire.
[20:22] Stefan Hagen: Luke asks about format
[20:23] Stefan Hagen: Laurence will start a straw
[20:24] Stefan Hagen: Luke will start a straw poll
[20:24] Stefan Hagen: OK Michael is fully volunteering to collect the straw man poll
[20:25] Stefan Hagen: @Laurence: Sorry I did not understand the action item you related to with respect to niko
[20:25] Stefan Hagen: Meeting adjourned
[20:26] Hendrik Buchwald: Thanks, very informative. See you next time


# Meeting Attendees 

## Company                                    Name ascending        Role

GrammaTech, Inc.                              Paul Anderson         Voting Member
FireEye, Inc                                  Sean Barnum           Member
SWAMP                                         Vamshi Basupalli      Voting Member
RIPS Technologies                             Hendrik Buchwald      Member
Semmle                                        Luke Cartey           Chair
Microsoft                                     Sunny Chatterjee      Voting Member
Microsoft                                     Michael Fanning       Voting Member
Individual                                    Laurence Golding      Voting Member
Individual                                    Stefan Hagen          Secretary
Micro Focus                                   Larry Hines           Voting Member
Individual                                    David Keaton          Chair
SWAMP                                         Jim Kupsch            Voting Member
Synopsys                                      Mel Llaguno           Voting Member
Security Compass                              Pooya Mehregan        Member
Micro Focus                                   Yekaterina O'Neil     Voting Member
Kestrel Technology                            Henny Sipma           Voting Member
Kestrel Technology                            Douglas Smith         Voting Member
sFractal Consulting LLC                       Duncan Sparrell       Member


# Meeting Statistics
Quorum rule: 51% of voting members
Achieved quorum: yes

Individual Attendance
  Contributing Members: 18 of 34 (52%)
  Voting Members: 14 of 18 (77%) (used for quorum calculation)

Company Attendance
  Contributing Companies: 12 of 21 (57%)
  Voting Companies: 8 of 11 (72%)
