

Subject: Re: [sarif] Corrected chat trace for Day 2


I tried to join several times yesterday.



------------
Kevin E. Greene (KevEG)
The MITRE Corporation

On 2/1/18, 8:35 PM, "sarif@lists.oasis-open.org on behalf of David Keaton" <sarif@lists.oasis-open.org on behalf of dmk@dmk.com> wrote:

    Pooya Mehregan: Has the meeting started yet?
    Larry Golding: Not quite
    Please change your name from 'anonymous' using the Settings button
    anonymous morphed into [Co-Chair] David Keaton
    [Co-Chair] David Keaton: Audio: 
    https://meet.lync.com/microsoft/mikefan/RVLT09SG
    [Co-Chair] David Keaton: The agenda was just updated a second time. 
    Please download the new one.  Its title is "Revised**2 Agenda".
    [Co-Chair] David Keaton: 
    https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/62431/agenda_20180131.html
    [Co-Chair] David Keaton: 11.2 James: SWAMP demo
    [Co-Chair] David Keaton: 11.3 Larry: SARIF Viewer for Visual Studio demo
    [Co-Chair] David Keaton: Consider a "future" issue for localization
    [Co-Chair] David Keaton: 11.4 Henny: Kestrel demo
    [Co-Chair] David Keaton: Break until 10:40, then review data files
    [Co-Chair] David Keaton: 11.5 Review data files
    [Co-Chair] David Keaton: 
    https://github.com/oasis-tcs/sarif-spec/tree/master/Tool%20Samples
    [Co-Chair] David Keaton: Review data files until 11:00
    [Co-Chair] David Keaton: Discussed items found in data files
    [Co-Chair] David Keaton: Detailed review of CodeSonar data guided by Paul
    [Co-Chair] David Keaton: Anyone who wants to preserve a need they 
    observed during the data file review, please type an abbreviated line 
    about it in the chat trace.
    Michael C. Fanning1: new issue to consider, when specifying a code 
    snippet, do we need a broader range for the snippet, then a more 
    specific region of interest in the snippet
    Michael C. Fanning1: Does the call return code flow kind allow 
    sufficient expressiveness to reflect a value that changes as a result of 
    being passed as a reference/out arg?
    Michael C. Fanning1: should sarif carry information suitable for 
    debugging a code flow (that, for example, returns a false positive) in 
    addition to the information intended to literally be examined/diagnosed 
    by the user?
    Michael C. Fanning1 morphed into Michael C. Fanning
    [Co-Chair] David Keaton: Break for lunch until 13:30
    [Co-Chair] David Keaton: 12.1 (10.1 Enable traceability from converted 
    SARIF file to original analysis tool log file [#66])
    [Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/66
    [Co-Chair] David Keaton: What to do with "region" if the region is the 
    whole file?
    [Co-Chair] David Keaton: Does absence of the "region" object mean the 
    whole file?
    [Co-Chair] David Keaton: *** ACTION: Larry to write text to implement 
    #66 and submit for review.
    [Co-Chair] David Keaton: 12.1 (10.3 Code flow enhancement items raised 
    yesterday)
    [Co-Chair] David Keaton: Which items are most important for us to address?
    [Co-Chair] David Keaton: Michael: Luke's Type of code flow items e.g. 
    call is both node and edge
    [Co-Chair] David Keaton: Michael:  Michael's Event links
    [Co-Chair] David Keaton: Luke: Right selection of kinds?
    [Co-Chair] David Keaton: Michael: Exception types (annotated code 
    location kind)
    [Co-Chair] David Keaton: Jim: Implicit code execution such as macros
    [Co-Chair] David Keaton: Jim: Implicit code execution such as macros
    [Co-Chair] David Keaton: Paul: Threads - separate flows
    [Co-Chair] David Keaton: Deep dive: Luke: Type of code flow items e.g. 
    call is both node and edge
    [Co-Chair] David Keaton: 12.2 Walk through issues and determine which 
    will be in Committee Specification Draft
    [Co-Chair] David Keaton: CSD.1 tag applied to all github issues that 
    must be addressed before the first Committee Specification Draft
    [Co-Chair] David Keaton: #80 can be "addressed" by discussing it and 
    implementing part of it
    [Co-Chair] David Keaton: *** ACTION: Larry and David will discuss 
    citations for the list of hash algorithms.
    [Co-Chair] David Keaton: 12.3 Results management discussion
    [Co-Chair] David Keaton: Michael: Want to discuss guiding principles for 
    how much of this should be part of SARIF
    [Co-Chair] David Keaton: Items to consider: Validity, Confidence, 
    Severity, Scheduling
    [Co-Chair] David Keaton: ID field, fingerprint, suppression state are 
    what we need.  The rest can be built outside of SARIF.
    [Co-Chair] David Keaton: 13. Discuss Next Steps
    [Co-Chair] David Keaton: Agree to hold more discussions on the github 
    issues.
    [Co-Chair] David Keaton: Everybody should "Watch" the SARIF repo so they 
    will see all the discussions.
    [Co-Chair] David Keaton: Plan: Editorial committee meetings next week 
    and two weeks later.
    [Co-Chair] David Keaton: Changed Plan: Two editorial committee meetings, 
    schedule TBD.
    [Co-Chair] David Keaton: *** DECISION: Two SARIF TC teleconferences, 
    then CSD 1.
    [Co-Chair] David Keaton: *** DECISION: SARIF TC teleconference on 
    February 28th at the usual time.
    [Co-Chair] David Keaton: *** ACTION: Michael will file an issue on Jim's 
    concern about parsing paths that include . and .. *** DONE! (#86)
    [Co-Chair] David Keaton: *** DECISION: We will address all issues marked 
    CSD.1 for the first Committee Specification Draft and will not address 
    any issues not marked CSD.1 for the first CSD.
    [Co-Chair] David Keaton: *** DECISION:  We will not address any results 
    management issues except instance ID in CSD.1.
    
    
    
    


