Please see my other mail. I think it’s unlikely that the result matching system we are building internally at Microsoft will populate this data, as result matching is a complex algorithm that is based on comparing files to each. You can’t compare lists of computed fingerprints to make the match. My other reply goes into some detail on this. From:
sarif@lists.oasis-open.org <
sarif@lists.oasis-open.org> On Behalf Of Larry Golding (Comcast) Sent: Wednesday, May 2, 2018 3:55 PM To:
sarif@lists.oasis-open.org Subject: [sarif] Editorial discretion: result management system SHOULD populate result.fingerprints Importance: High The text we approved says of result.fingerprints : “A result management system MAY populate this property.” But we really want to encourage result management systems to synthesize stable identifiers for the results they hold, so I propose (at editorial discretion) to change this to SHOULD . Please let me know if you disagree. Thanks, Larry