I tried to join several times yesterday.

------------
Kevin E. Greene (KevEG)
The MITRE Corporation

On 2/1/18, 8:35 PM, "sarif@lists.oasis-open.org on behalf of David Keaton" <sarif@lists.oasis-open.org on behalf of dmk@dmk.com> wrote:

Pooya Mehregan: Has the meeting started yet?
Larry Golding: Not quite
Please change your name from 'anonymous' using the Settings button
anonymous morphed into [Co-Chair] David Keaton
[Co-Chair] David Keaton: Audio:
https://meet.lync.com/microsoft/mikefan/RVLT09SG
[Co-Chair] David Keaton: The agenda was just updated a second time. Please download the new one. Its title is "Revised**2 Agenda".
[Co-Chair] David Keaton:
https://www.oasis-open.org/apps/org/workgroup/sarif/download.php/62431/agenda_20180131.html
[Co-Chair] David Keaton: 11.2 James: SWAMP demo
[Co-Chair] David Keaton: 11.3 Larry: SARIF Viewer for Visual Studio demo
[Co-Chair] David Keaton: Consider a "future" issue for localization
[Co-Chair] David Keaton: 11.4 Henny: Kestrel demo
[Co-Chair] David Keaton: Break until 10:40, then review data files
[Co-Chair] David Keaton: 11.5 Review data files
[Co-Chair] David Keaton:
https://github.com/oasis-tcs/sarif-spec/tree/master/Tool%20Samples
[Co-Chair] David Keaton: Review data files until 11:00
[Co-Chair] David Keaton: Discussed items found in data files
[Co-Chair] David Keaton: Detailed review of CodeSonar data guided by Paul
[Co-Chair] David Keaton: Anyone who wants to preserve a need they observed during the data file review, please type an abbreviated line about it in the chat trace.
Michael C. Fanning1: new issue to consider, when specifying a code snippet, do we need a broader range for the snippet, then a more specific region of interest in the snippet
Michael C. Fanning1: Does the call return code flow kind allow sufficient expressiveness to reflect a value that changes as a result of being passed as a reference/out arg?
Michael C. Fanning1: should sarif carry information suitable for debugging a code flow (that, for example, returns a false positive) in addition to the information intended to literally be examined/diagnosed by the user?
Michael C. Fanning1 morphed into Michael C. Fanning
[Co-Chair] David Keaton: Break for lunch until 13:30
[Co-Chair] David Keaton: 12.1 (10.1 Enable traceability from converted SARIF file to original analysis tool log file [#66])
[Co-Chair] David Keaton:
https://github.com/oasis-tcs/sarif-spec/issues/66
[Co-Chair] David Keaton: What to do with "region" if the region is the whole file?
[Co-Chair] David Keaton: Does absence of the "region" object mean the whole file?
[Co-Chair] David Keaton: *** ACTION: Larry to write text to implement #66 and submit for review.
[Co-Chair] David Keaton: 12.1 (10.3 Code flow enhancement items raised yesterday)
[Co-Chair] David Keaton: Which items are most important for us to address?
[Co-Chair] David Keaton: Michael: Luke's Type of code flow items e.g. call is both node and edge
[Co-Chair] David Keaton: Michael: Michael's Event links
[Co-Chair] David Keaton: Luke: Right selection of kinds?
[Co-Chair] David Keaton: Michael: Exception types (annotated code location kind)
[Co-Chair] David Keaton: Jim: Implicit code execution such as macros
[Co-Chair] David Keaton: Jim: Implicit code execution such as macros
[Co-Chair] David Keaton: Paul: Threads - separate flows
[Co-Chair] David Keaton: Deep dive: Luke: Type of code flow items e.g. call is both node and edge
[Co-Chair] David Keaton: 12.2 Walk through issues and determine which will be in Committee Specification Draft
[Co-Chair] David Keaton: CSD.1 tag applied to all github issues that must be addressed before the first Committee Specification Draft
[Co-Chair] David Keaton: #80 can be "addressed" by discussing it and implementing part of it
[Co-Chair] David Keaton: *** ACTION: Larry and David will discuss citations for the list of hash algorithms.
[Co-Chair] David Keaton: 12.3 Results management discussion
[Co-Chair] David Keaton: Michael: Want to discuss guiding principles for how much of this should be part of SARIF
[Co-Chair] David Keaton: Items to consider: Validity, Confidence, Severity, Scheduling
[Co-Chair] David Keaton: ID field, fingerprint, suppression state are what we need. The rest can be built outside of SARIF.
[Co-Chair] David Keaton: 13. Discuss Next Steps
[Co-Chair] David Keaton: Agree to hold more discussions on the github issues.
[Co-Chair] David Keaton: Everybody should "Watch" the SARIF repo so they will see all the discussions.
[Co-Chair] David Keaton: Plan: Editorial committee meetings next week and two weeks later.
[Co-Chair] David Keaton: Changed Plan: Two editorial committee meetings, schedule TBD.
[Co-Chair] David Keaton: *** DECISION: Two SARIF TC teleconferences, then CSD 1.
[Co-Chair] David Keaton: *** DECISION: SARIF TC teleconference on February 28th at the usual time.
[Co-Chair] David Keaton: *** ACTION: Michael will file an issue on Jim's concern about parsing paths that include . and .. *** DONE! (#86)
[Co-Chair] David Keaton: *** DECISION: We will address all issues marked CSD.1 for the first Committee Specification Draft and will not address any issues not marked CSD.1 for the first CSD.
[Co-Chair] David Keaton: *** DECISION: We will not address any results management issues except instance ID in CSD.1.