OASIS Mailing List Archives



sarif message


Subject: Re: [sarif] Corrected chat trace for Day 2

I tried to join several times yesterday.

Kevin E. Greene (KevEG)
The MITRE Corporation

On 2/1/18, 8:35 PM, "sarif@lists.oasis-open.org on behalf of David Keaton" <sarif@lists.oasis-open.org on behalf of dmk@dmk.com> wrote:

    Pooya Mehregan: Has the meeting started yet?
    Larry Golding: Not quite
    Please change your name from 'anonymous' using the Settings button
    anonymous morphed into [Co-Chair] David Keaton
    [Co-Chair] David Keaton: Audio: 
    [Co-Chair] David Keaton: The agenda was just updated a second time. 
    Please download the new one.  Its title is "Revised**2 Agenda".
    [Co-Chair] David Keaton: 
    [Co-Chair] David Keaton: 11.2 James: SWAMP demo
    [Co-Chair] David Keaton: 11.3 Larry: SARIF Viewer for Visual Studio demo
    [Co-Chair] David Keaton: Consider a "future" issue for localization
    [Co-Chair] David Keaton: 11.4 Henny: Kestrel demo
    [Co-Chair] David Keaton: Break until 10:40, then review data files
    [Co-Chair] David Keaton: 11.5 Review data files
    [Co-Chair] David Keaton: 
    [Co-Chair] David Keaton: Review data files until 11:00
    [Co-Chair] David Keaton: Discussed items found in data files
    [Co-Chair] David Keaton: Detailed review of CodeSonar data guided by Paul
    [Co-Chair] David Keaton: Anyone who wants to preserve a need they 
    observed during the data file review, please type an abbreviated line 
    about it in the chat trace.
    Michael C. Fanning1: new issue to consider, when specifying a code 
    snippet, do we need a broader range for the snippet, then a more 
    specific region of interest in the snippet
    Michael C. Fanning1: Does the call return code flow kind allow 
    sufficient expressiveness to reflect a value that changes as a result of 
    being passed as a reference/out arg?
    Michael C. Fanning1: should sarif carry information suitable for 
    debugging a code flow (that, for example, returns a false positive) in 
    addition to the information intended to literally be examined/diagnosed 
    by the user?
    Michael C. Fanning1 morphed into Michael C. Fanning
    [Co-Chair] David Keaton: Break for lunch until 13:30
    [Co-Chair] David Keaton: 12.1 (10.1 Enable traceability from converted 
    SARIF file to original analysis tool log file [#66])
    [Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/66
    [Co-Chair] David Keaton: What to do with "region" if the region is the 
    whole file?
    [Co-Chair] David Keaton: Does absence of the "region" object mean the 
    whole file?
    [Co-Chair] David Keaton: *** ACTION: Larry to write text to implement 
    #66 and submit for review.
    [Co-Chair] David Keaton: 12.1 (10.3 Code flow enhancement items raised 
    [Co-Chair] David Keaton: Which items are most important for us to address?
    [Co-Chair] David Keaton: Michael: Luke's Type of code flow items e.g. 
    call is both node and edge
    [Co-Chair] David Keaton: Michael:  Michael's Event links
    [Co-Chair] David Keaton: Luke: Right selection of kinds?
    [Co-Chair] David Keaton: Michael: Exception types (annotated code 
    location kind)
    [Co-Chair] David Keaton: Jim: Implicit code execution such as macros
    [Co-Chair] David Keaton: Paul: Threads - separate flows
    [Co-Chair] David Keaton: Deep dive: Luke: Type of code flow items e.g. 
    call is both node and edge
    [Co-Chair] David Keaton: 12.2 Walk through issues and determine which 
    will be in Committee Specification Draft
    [Co-Chair] David Keaton: CSD.1 tag applied to all github issues that 
    must be addressed before the first Committee Specification Draft
    [Co-Chair] David Keaton: #80 can be "addressed" by discussing it and 
    implementing part of it
    [Co-Chair] David Keaton: *** ACTION: Larry and David will discuss 
    citations for the list of hash algorithms.
    [Co-Chair] David Keaton: 12.3 Results management discussion
    [Co-Chair] David Keaton: Michael: Want to discuss guiding principles for 
    how much of this should be part of SARIF
    [Co-Chair] David Keaton: Items to consider: Validity, Confidence, 
    Severity, Scheduling
    [Co-Chair] David Keaton: ID field, fingerprint, suppression state are 
    what we need.  The rest can be built outside of SARIF.
    [Co-Chair] David Keaton: 13. Discuss Next Steps
    [Co-Chair] David Keaton: Agree to hold more discussions on the github 
    [Co-Chair] David Keaton: Everybody should "Watch" the SARIF repo so they 
    will see all the discussions.
    [Co-Chair] David Keaton: Plan: Editorial committee meetings next week 
    and two weeks later.
    [Co-Chair] David Keaton: Changed Plan: Two editorial committee meetings, 
    schedule TBD.
    [Co-Chair] David Keaton: *** DECISION: Two SARIF TC teleconferences, 
    then CSD 1.
    [Co-Chair] David Keaton: *** DECISION: SARIF TC teleconference on 
    February 28th at the usual time.
    [Co-Chair] David Keaton: *** ACTION: Michael will file an issue on Jim's 
    concern about parsing paths that include . and .. *** DONE! (#86)
    [Co-Chair] David Keaton: *** DECISION: We will address all issues marked 
    CSD.1 for the first Committee Specification Draft and will not address 
    any issues not marked CSD.1 for the first CSD.
    [Co-Chair] David Keaton: *** DECISION:  We will not address any results 
    management issues except instance ID in CSD.1.