OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

sarif message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [sarif] Acknowledgements


In addition to current contributions, we can also acknowledge past contributions say which brought the previous (contributed version of SARIF) to life when under the auspices of Microsoft like so:

On the title page we could easily add say editors by name in the Related work section (we did this in CSAF to honor the work, the editor of the previous version which was contributed to OASIS but the editor did not join the TC):

So instead of (current):

"""
Related work:

This specification replaces or supersedes:
* None
"""

We could write:

"""
Related work:
This specification replaces or supersedes:
* Static Analysis Results Interchange Format (SARIF) Version 1.0, Microsoft Corporation, <HERE_LIST_OF_PREVIOUS_EDITORS>, 2015, <OFFICIAL_URL_I_HAVE_ONLY_THE OASIS_CONTRIB_ONE>
"""

As a sample, in CSAF we did:

"""
Related work:
This specification replaces or supersedes:
* The Common Vulnerability Reporting Framework (CVRF) Version 1.1., ICASI, ICASI CVRF Working Group, Mike Schiffman, Editor, May 2012, http://www.icasi.org/the-common-vulnerability-reporting-framework-cvrf-v1-1/.

"""

All the best,
Stefan.

Am 06.05.18 um 14:32 schrieb Stefan Hagen:
Hi,

I suggest as Participant list offered initially to use:

Andrew Pardoe, Microsoft
Chris Wysopal, CA Technologies
David Keaton, Individual
Douglas Smith, Kestrel Technology
Duncan Sparrell, sFractal Consulting LLC
Everett Maus, Microsoft
Hendrik Buchwald, RIPS Technologies
Henny Sipma, Kestrel Technology
Jim Kupsch, SWAMP
Jordyn Puryear, Microsoft
Joseph Feiman, CA Technologies
Ken Prole, Code Dx, Inc.
Kevin Greene, Mitre Corporation
Larry Hines, Micro Focus
Laurence Golding, Individual
Luke Cartey, Semmle
Mel Llaguno, Synopsys
Michael Fanning, Microsoft
Nikolai Mansourov, Object Management Group
Paul Anderson, GrammaTech, Inc.
Paul Brookes, Microsoft
Paul Patrick, FireEye, Inc.
Philip Royer, Phantom
Pooya Mehregan, Security Compass
Ram Jeyaraman, Microsoft
Sean Barnum, FireEye, Inc.
Smith Douglas, Kestrel Technology
Stefan Hagen, Individual
Sunny Chatterjee, Microsoft
Tim Hudson, Cryptsoft Pty Ltd.
Trey Darley, New Context Services, Inc.
Vamshi Basupalli, SWAMP
Yekaterina O'Neil, Micro Focus

As withing other TCs I only included members (regardless of voting
state) iff they attended at least one meeting.

I use the First/Given Name then Last/Family Name convention, as it is
practiced in some TCs, mirrors best our communication style in the TC
when conducting business, and helps finding people that sometimes change
that Last/Family  name (like eg. I did two times in my life).

The affiliation is **not** used as grouping to make clear, that
individual experts are members of the TC not company delegates.
Of course when being affiliated with a company, it is clear, that the
members have the clearance from the company they are affiliated with.

People also changed affiliation during lifetime of this TC, so it is
noted the last, iff they are still members or their last participation
was with this affiliation.

The restirction on members is naurally derived from the IPR safeguarding
function of the TC process and by the technical fact, that observers are
allowed to listen but not to talk during the meetings, thus no input
possible.

I think this is a good candidate and I would be happy to see this
included in that way in our first CSD01 "baby"

All the best,
Stefan.

Am 03.05.18 um 03:44 schrieb Larry Golding:
Yes, I agree.



Sent from my Windows 10 phone



*From: *Michael Fanning <mailto:Michael.Fanning@microsoft.com>
*Sent: *Wednesday, May 2, 2018 5:51 PM
*To: *Larry Golding (Comcast) <mailto:larrygolding@comcast.net>;
sarif@lists.oasis-open.org <mailto:sarif@lists.oasis-open.org>
*Subject: *RE: [sarif] Acknowledgements



We should definitely start pulling together a list. I think it probably
makes sense to solicit positive sign-off from all people who could be
listed in this section that they would like to be, do you agree?



*From:* sarif@lists.oasis-open.org <sarif@lists.oasis-open.org> *On
Behalf Of *Larry Golding (Comcast)
*Sent:* Wednesday, May 2, 2018 4:25 PM
*To:* sarif@lists.oasis-open.org
*Subject:* [sarif] Acknowledgements



As we get closer to publishing CSD.1, I need to fill in this appendix:



Appendix A. (Informative) Acknowledgments

(*Note:* A Work Product approved by the TC must include a list of people
who participated in the development of the Work Product. This is
generally done by collecting the list of names in this appendix. This
list shall be initially compiled by the Chair, and any Member of the TC
may add or remove their names from the list by request.

Remove this note before submitting for publication.)

The following individuals have participated in the creation of this
specification and are gratefully acknowledged:

Participants:

[Participant Name, Affiliation | Individual Member]

[Participant Name, Affiliation | Individual Member]



Please let me know who we should list. I know there were a few Google
people who contributed ideas about “fixes” early on. And then there was
a long list of Microsoft people we acknowledged when we sent out our
“victory mail” announcing SARIF v1. No doubt there are more.



Thanks,

Larry







--
Stefan Hagen
read://shagen.de
talk: eventually


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]