

Subject: Raw chat trace for November 14, 2018


[Co-Chair] David Keaton: Agenda for November 14, 2018
MEETING OF OASIS SARIF TECHNICAL COMMITTEE

Time
09:30-11:30 PST
17:30-19:30 UTC
Meeting Chat Location
http://webconf.soaphub.org/conf/room/sarif
Meeting Audio and Screen Sharing
https://meet.lync.com/microsoft/mikefan/NHD7L7ZT
1. Opening Activities
1.1 Opening comments (Co-Chair Keaton)
1.2 Introduction of participants/roll call (Co-Chair Cartey)
1.3 Procedures for this meeting (Co-Chair Keaton)
1.4 Approval of agenda (Co-Chair Keaton)
1.5 Approval of previous minutes [Minutes of 2018-10-24 Meeting#26] (Co-Chair Keaton)
1.6 Review of action items and resolutions (Secretary Hagen)
1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
1.7.1 Prospective members attending their first meeting
1.7.2 Members attaining voting rights at the end of this meeting
1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends
1.7.4 Members who previously lost voting rights who are attending this meeting
1.7.5 Members who have declared a leave of absence
2. Timeline Status
2.1 Note where we are on the schedule [SARIF TC Timeline] (Co-Chair Keaton)
- Working on CSD 2, with 49 open issues, 0 fewer than previous agenda snapshot
3. Future Meetings
3.1 Future meeting schedule (Co-Chair Keaton)
Scheduled teleconferences (Wednesdays at 09:30 PST / 17:30 UTC for two hours)
November 28
December 12
January 9
Proposed face-to-face meeting
Approximately January 23-24, location TBD
4. Document Progress (Co-Editors Golding and Fanning)
4.1 Editors' report
4.2 Approval of changes
Location of change drafts:
https://github.com/oasis-tcs/sarif-spec/tree/master/Documents/ChangeDrafts/Active
Discuss the following items individually, then vote on them together unless someone would like to separate out an issue for individual vote.
4.2.1 Make Run.Files an array [#256]
4.2.2 Version control details not strongly associated with results [#248]
4.2.3 Changes to threadflowLocation [#194] [#202] (time limit 20 minutes)
4.2.4 Decide how to handle uncommon line break characters [#169]
4.2.5 Introduce resultProvenance object [#272]
4.2.6 Add result.useful and result.suppressionReasons [#268]
4.2.7 Add optional "itemCount" property to externalPropertyFile [#269]
4.2.8 Specify how to store IRIs in URI-valued properties [#275]
4.3 Discussions
4.3.1 Distinction between raw vs. hosted content [#226]
4.3.2 Consider: 'review' or 'audit' result level. and reconsider 'note' [#215]
4.3.3 Any other document items that need to be discussed
5. Other Business
6. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
6.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
6.2 Review of Decisions Reached (Secretary Hagen)
6.3 Review of Action Items (Secretary Hagen)
7. Next Meeting
November 28, 2018 / 09:30-11:30 PST / 17:30-19:30 UTC
8. Adjournment
[Co-Chair] David Keaton: 1.4 Approval of agenda
anonymous morphed into David Ammons
[Co-Chair] David Keaton: Amend to delete 4.2.2 and 4.2.3 -- approved
[Co-Chair] David Keaton: APPROVED as amended
[Co-Chair] David Keaton: 1.5 Approval of previous minutes
[Co-Chair] David Keaton: APPROVED
[Co-Chair] David Keaton: 1.7 Identification of SARIF TC voting members
[Co-Chair] David Keaton: Vamshi needs to join by end of meeting to keep voting status
[Co-Chair] David Keaton: 4. Document Progress
[Co-Chair] David Keaton: 4.1 Editors' report
[Co-Chair] David Keaton: 4.2 Approval of changes
[Co-Chair] David Keaton: Location of change drafts:
https://github.com/oasis-tcs/sarif-spec/tree/master/Documents/ChangeDrafts/Active
[Co-Chair] David Keaton: 4.2.1 Make Run.Files an array [#256]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/256
[Co-Chair] David Keaton: 4.2.4 Decide how to handle uncommon line break characters [#169]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/169
[Co-Chair] David Keaton: 4.2.5 Introduce resultProvenance object [#272]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/272
[Co-Chair] David Keaton: Discussed the possibility of adding a last detection time property
[Co-Chair] David Keaton: Amend this change to include lastDetectionTimeUTC
[Co-Chair] David Keaton: 4.2.6 Add result.useful and result.suppressionReasons [#268]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/268
David Ammons: Wouldn't "it's not important to me" or "valid but not valuable" indicate that the user disagrees about the severity of the result?
[Co-Chair] David Keaton: Discussed additional categories for result.suppressionReasons
[Co-Chair] David Keaton: change array named to dispositionAnnotations?

valid but not valuable (unimportant)
not actionable due to poor reporting/tool quality
weakness can't be provoked (notExploitable, notFeasible, pathNotFeasible)
false positive that we fixed for other reasons, e.g., compliance
valid but accepting risk
tool assumptions/models/invariants need correcting (useful for tuning analysis)
perhaps we focus on feedback that drives noise levels/analysis quality? (and not, for example, scheduling/tracking/exceptions requests, etc., related to the implied work)

perhaps we focus on transporting data that is most likely to be consumed by viewers.
[Co-Chair] David Keaton: Leave this item out of the vote
[Co-Chair] David Keaton: 4.2.7 Add optional "itemCount" property to externalPropertyFile [#269]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/269
[Co-Chair] David Keaton: 4.2.8 Specify how to store IRIs in URI-valued properties [#275]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/275
[Co-Chair] David Keaton: Changes to consider approving:
4.2.1 (#256), 4.2.4 (#169),
4.2.5 (#272) as amended,
4.2.7 (#269), 4.2.8 (#275)
[Co-Chair] David Keaton: Larry so moves, Michael seconds
Michael C. Fanning: #272 adds lastDetectionTimeUtc property, populated when marked absent
Michael C. Fanning: otherwise value defaults to run startTimeUtc
[Co-Chair] David Keaton: APPROVED
[Co-Chair] David Keaton: 4.3 Discussions
[Co-Chair] David Keaton: 4.3.1 Distinction between raw vs. hosted content [#226]
[Co-Chair] David Keaton: https://github.com/oasis-tcs/sarif-spec/issues/226
[Co-Chair] David Keaton: Issue closed -- is that OK?
[Co-Chair] David Keaton: Leave it closed and add to #281 -- SDK issue
[Co-Chair] David Keaton: ADJOURNED

