
sarif message


Subject: Raw chat trace from Day 2

Pooya Mehregan: Has the meeting started yet?
Larry Golding: Not quite
Please change your name from 'anonymous' using the Settings button
anonymous morphed into [Co-Chair] David Keaton
[Co-Chair] David Keaton: Audio: https://meet.lync.com/microsoft/mikefan/RVLT09SG
[Co-Chair] David Keaton: The agenda was just updated a second time. Please download the new one. Its title is "Revised**2 Agenda".
[Co-Chair] David Keaton: https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/62431/agenda_20180131.html
[Co-Chair] David Keaton: 11.2 James: SWAMP demo
[Co-Chair] David Keaton: 11.3 Larry: SARIF Viewer for Visual Studio demo
[Co-Chair] David Keaton: Consider a "future" issue for localization
[Co-Chair] David Keaton: 11.4 Henny: Kestrel demo
[Co-Chair] David Keaton: Break until 10:40, then review data files
[Co-Chair] David Keaton: 11.5 Review data files
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/tree/master/Tool%20Samples
[Co-Chair] David Keaton: Review data files until 11:00
[Co-Chair] David Keaton: Discussed items found in data files
[Co-Chair] David Keaton: Detailed review of CodeSonar data guided by Paul
[Co-Chair] David Keaton: Anyone who wants to preserve a need they observed during the data file review, please type an abbreviated line about it in the chat trace.
Michael C. Fanning1: new issue to consider, when specifying a code snippet, do we need a broader range for the snippet, then a more specific region of interest in the snippet
Michael C. Fanning1: Does the call return code flow kind allow sufficient expressiveness to reflect a value that changes as a result of being passed as a reference/out arg?
Michael C. Fanning1: should sarif carry information suitable for debugging a code flow (that, for example, returns a false positive) in addition to the information intended to literally be examined/diagnosed by the user?
Michael C. Fanning1 morphed into Michael C. Fanning
[Co-Chair] David Keaton: Break for lunch until 13:30
[Co-Chair] David Keaton: 12.1 (10.1 Enable traceability from converted SARIF file to original analysis tool log file [#66]
Move to approve proposed change draft.)
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/66
[Co-Chair] David Keaton: What to do with "region" if the region is the whole file?
[Co-Chair] David Keaton: Does absence of the "region" object mean the whole file?
[Co-Chair] David Keaton: *** ACTION: Larry to write text to implement #66 and submit for review.
[Co-Chair] David Keaton: 12.1 (10.3 Code flow enhancement items raised yesterday)
[Co-Chair] David Keaton: Which items are most important for us to address?
[Co-Chair] David Keaton: Michael: Luke's Type of code flow items e.g. call is both node and edge
[Co-Chair] David Keaton: Michael: Michael's Event links
[Co-Chair] David Keaton: Luke: Right selection of kinds?
[Co-Chair] David Keaton: Michael: Exception types (annotated code location kind)
[Co-Chair] David Keaton: Jim: Implicit code execution such as macros
[Co-Chair] David Keaton: Jim: Implicit code execution such as macros
[Co-Chair] David Keaton: Paul: Threads - separate flows
[Co-Chair] David Keaton: Deep dive: Luke: Type of code flow items e.g. call is both node and edge
[Co-Chair] David Keaton: 12.2 Walk through issues and determine which will be in Committee Specification Draft
[Co-Chair] David Keaton: CSD.1 tag applied to all github issues that must be addressed before the first Committee Specification Draft
[Co-Chair] David Keaton: #80 can be "addressed" by discussing it and implementing part of it
[Co-Chair] David Keaton: *** ACTION: Larry and David will discuss citations for the list of hash algorithms.
[Co-Chair] David Keaton: 12.3 Results management discussion
[Co-Chair] David Keaton: Michael: Want to discuss guiding principles for how much of this should be part of SARIF
[Co-Chair] David Keaton: Items to consider: Validity, Confidence, Severity, Scheduling
[Co-Chair] David Keaton: ID field, fingerprint, suppression state are what we need. The rest can be built outside of SARIF.
[Co-Chair] David Keaton: 13. Discuss Next Steps
[Co-Chair] David Keaton: Agree to hold more discussions on the github issues.
[Co-Chair] David Keaton: Everybody should "Watch" the SARIF repo so they will see all the discussions.
[Co-Chair] David Keaton: Plan: Editorial committee meetings next week and two weeks later.
[Co-Chair] David Keaton: Changed Plan: Two editorial committee meetings, schedule TBD.
[Co-Chair] David Keaton: *** DECISION: Two SARIF TC teleconferences, then CSD 1.
[Co-Chair] David Keaton: *** DECISION: SARIF TC teleconference on February 28th at the usual time.
[Co-Chair] David Keaton: *** ACTION: Michael will file an issue on Jim's concern about parsing paths that include . and .. *** DONE! (#86)
[Co-Chair] David Keaton: *** DECISION: We will address all issues marked CSD.1 for the first Committee Specification Draft and will not address any issues not marked CSD.1 for the first CSD.
[Co-Chair] David Keaton: *** DECISION: We will not address any results management issues except instance ID in CSD.1.
