OASIS Mailing List Archives

sarif message


Subject: Corrected chat trace from Day 1


anonymous morphed into Paul Anderson
anonymous morphed into Mel Llaguno
anonymous morphed into Larry Golding
Please change your name from 'anonymous' using the Settings button
anonymous morphed into [Co-Chair] David Keaton
[Co-Chair] David Keaton: Agenda: https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/62407/agenda_20180131.html
anonymous morphed into Michael C. Fanning
[Co-Chair] David Keaton: Audio: https://meet.lync.com/microsoft/mikefan/5YKRT9B8
[Co-Chair] David Keaton: Agenda approved
[Co-Chair] David Keaton: Previous minutes approved
Michael C. Fanning: Motion by Larry to approve agenda
Michael C. Fanning: Paul seconds
Michael C. Fanning: Motion to approve minutes by Larry
Michael C. Fanning: Luke seconds, no discussion, motion approved
Michael C. Fanning: Previous actions, collect data on code flow, completed
Michael C. Fanning: Waiting on Nikolai re: proposal for rank
Michael C. Fanning: Larry filed required JSON issues as discussed in previous meeting
Michael C. Fanning: Attendance taken.
Michael C. Fanning: Future meetings, next discussion 2/14 at the usual time (9:30 PST)
[Co-Chair] David Keaton: Hoping to set Committee Specification Draft schedule during this meeting
[Co-Chair] David Keaton: Editor's report discussed
[Co-Chair] David Keaton: 4.1 Issues - will get as far as we can this morning, then overflow to same time slot tomorrow
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/47
[Co-Chair] David Keaton: Outside scope
[Co-Chair] David Keaton: Larry's drawing:
[Co-Chair] David Keaton: runs: [
[Co-Chair] David Keaton: {
[Co-Chair] David Keaton: files: {
[Co-Chair] David Keaton: "someURL": {
[Co-Chair] David Keaton: mimeType
[Co-Chair] David Keaton: contents:
[Co-Chair] David Keaton: hashes: {
[Co-Chair] David Keaton: SHA-1: ...
[Co-Chair] David Keaton: That is where the hash would go in Larry's proposal.
[Co-Chair] David Keaton: Original #47 was outside scope, but led to this discussion of hashing the source file
[Co-Chair] David Keaton: Paul discussed use case for #47: wanting to assure that SARIF output of his tool was not tampered with
[Co-Chair] David Keaton: Paul's other use case: combining signed SARIF files would not invalidate the individual signatures
[Co-Chair] David Keaton: Larry proposes labeling #47 "future" (later version of the standard) and "results management"
[Co-Chair] David Keaton: *** ACTION: Michael will file an issue to make sure this is discussed in security section of standard, even though the full #47 is out of scope
[Co-Chair] David Keaton: *** DECISION: Label #47 "future" and "results management"
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/78
[Co-Chair] David Keaton: *** DECISION: Adopt #78 but amended to replace "do not" with "avoid"
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/63
[Co-Chair] David Keaton: #63 is based on RFC 3986. Jim proposes going further and normalizing the full path.
[Co-Chair] David Keaton: *** DECISION: Tabled until this time slot tomorrow
[Co-Chair] David Keaton: *** ACTION: Larry to decide what result is to be proposed
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/66
[Co-Chair] David Keaton: End of this session for today. To be continued in the same time slot tomorrow.
[Co-Chair] David Keaton: Break until 10:40
[Co-Chair] David Keaton: 5.1 Luke's demo
[Co-Chair] David Keaton: 5.2 Katrina's demo
[Co-Chair] David Keaton: 5.3 Mel's demo
[Co-Chair] David Keaton: 6.1 Breakout sessions?
[Co-Chair] David Keaton: Return from lunch
[Co-Chair] David Keaton: 11.1 (as agreed) Paul's demo
[Co-Chair] David Keaton: 6.1 Code flows
[Co-Chair] David Keaton: What needs to be addressed?
[Co-Chair] David Keaton: Mel: Event tree - conceptual structure
[Co-Chair] David Keaton: Katrina: Types of taint
[Co-Chair] David Keaton: Michael: Exception types (annotated code location kind)
[Co-Chair] David Keaton: Katrina: What is a message vs. description vs. annotation?
[Co-Chair] David Keaton: Katrina: External entries (sort of code flows but not really) - URLs
[Co-Chair] David Keaton: Katrina: Multiple paths
[Co-Chair] David Keaton: Jim: Implicit code execution such as macros
[Co-Chair] David Keaton: Jim: Generic code/lambdas
[Co-Chair] David Keaton: Jim: Assertions about variable values
[Co-Chair] David Keaton: Henny: Bottom-up propagation of properties
[Co-Chair] David Keaton: Michael: Event links
[Co-Chair] David Keaton: Paul: Taint kinds
[Co-Chair] David Keaton: Paul: Threads - separate flows
[Co-Chair] David Keaton: Paul: Data marked as coming from a model?
[Co-Chair] David Keaton: Paul: Names e.g. functions - Larry: SARIF can handle logical code locations like this
[Co-Chair] David Keaton: Paul: Fan-in not important
[Co-Chair] David Keaton: Luke: Type of code flow items e.g. call is both node and edge
[Co-Chair] David Keaton: Luke: Target of code flows
[Co-Chair] David Keaton: Luke: Right selection of kinds?
[Co-Chair] David Keaton: Amended agenda to time box & run through remaining 4.2 issues
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/66
[Co-Chair] David Keaton: Jim: Default URI as fallback if not in result
[Co-Chair] David Keaton: Jim: May be more than one file that represents a result
[Co-Chair] David Keaton: *** ACTION: Larry & Jim will revise #66 proposal for tomorrow *** DONE!
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/75
[Co-Chair] David Keaton: *** ACTION: Larry to remove the word "unique" and submit for review
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/64
[Co-Chair] David Keaton: Paul: Dictionary of dictionaries?
[Co-Chair] David Keaton: *** ACTION: Larry to flesh out for next teleconference
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/76
[Co-Chair] David Keaton: *** ACTION: Larry to specify UTF-8 for next teleconference
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/59
[Co-Chair] David Keaton: Not already covered by #56
[Co-Chair] David Keaton: Henny: Propose alternative to the level property
[Co-Chair] David Keaton: Defer until after Henny's demo
[Co-Chair] David Keaton: Proposal: Add a new level: open (uncertain)
[Co-Chair] David Keaton: *** ACTION: Larry to add "open" level and wordsmith for next teleconference (#81)
[Co-Chair] David Keaton: *** ACTION: Michael review Polyspace designations to make sure they overlay in a seamless way
[Co-Chair] David Keaton: *** ACTION: Larry to define labels "CSD", "future", "results management" *** DONE!
[Co-Chair] David Keaton: Mel: Add "metrics" label
[Co-Chair] David Keaton: *** ACTION: Larry to open an issue to track metrics *** DONE! (#44)
[Co-Chair] David Keaton: Metrics in CSD, results management for a later version?
[Co-Chair] David Keaton: *** ACTION: Paul will submit a proposal for metrics. *** DONE!