1. Opening Activities
1.4 Approval of agenda (Co-Chair Keaton) URL = https://www.oasis-open.org/committees/download.php/62278/agenda_20180110.html
Laurence moves to approve. Michael seconds.
No discussion. No objection. Agenda approved
1.5 Approval of previous minutes [Minutes of 2017-11-29 Meeting#7] (Co-Chair Keaton) URL = https://www.oasis-open.org/committees/download.php/62128/sarif-minutes-20171129-meeting-7.html
Laurence moves, Michael seconds. Minutes approved unchanged as published
1.6 Review of action items and resolutions (Secretary Hagen)
* Laurence did incorporate the changes for "Consider specifying a format for links embedded in our plain text messages [#61]" from the previous meeting
* Editors formed a consolidated proposal for issues #61, #33, and #69 to be discussed this meeting
* Ongoing action on Luke and the editors will work on examples for the extensions to code flows
* Laurence added an issue for JSON ordering and further hints after the meeting: Issue #70 "Document recommendations for serialization order" URL = https://github.com/oasis-tcs/sarif-spec/issues/70
* Ongoing action on Nikolai to write proposal for rank
1.7 Identification of SARIF TC voting members (Co-Chair Cartey)
End of meeting Chris will regain voting rights
2. Future Meetings
2.1 Future meeting schedule (Co-Chair Keaton) Proposed face-to-face meeting February 8-9 suggested, Redmond, WA [Doodle poll to select from several options]
9 people can attend when meeting on February 1st ... suggested to select that option?
Michael (host) will make it work!
Michael moves to meet on January 31 and February 1st in Redmond
Laurence seconds
No objections; unanimous consent; motion carries
Thanks to Microsoft for making this possible!
Proposed teleconferences (Wednesdays at 09:30 US Pacific time):
February 21 (standard time)
March 7 (standard time)
March 21 (US daylight / EU standard)
April 4 (daylight savings time)
April 18 (daylight savings time)
May 2 (daylight savings time)
May 16 (daylight savings time)
May 30 (daylight savings time)
David suggests deciding only on the first one now, and deciding the rest during the face-to-face
Laurence suggests to meet sooner than February 21, to enable progress after the face to face
All check the calendar
Any objections to meet on February 14?
Katrina will not be available
Hendrik w.r.t. the face to face: Is it possible to attend remotely (as Stefan also kindly requested remote access) and being 9 hours ahead of Redmond
Michael will try to provide telecom access and all may be able to concentrate some special parts in the morning to ease participation for European participants (timezone)
Pooya is also not able to participate in the face-to-face on site
Michael moves for February 14, Laurence seconds
No discussion, no objection. Motion carries
3. Resolution of github issues (Co-Editor Fanning)
3.1 Editors' report URL = https://github.com/oasis-tcs/sarif-spec/blob/master/EditorsReports/Editor%27s%20report%202018-01-10.md
Laurence presents the editor's report
[18:49] Stefan Hagen: Laurence presents the editor's report
[18:53] Stefan Hagen: 3.2 Approval of reviewed changes
3.2.1 run.lang property needs a default value [#72]
[18:54] Stefan Hagen: 3.2.2 Consider providing a physicalLocation on a stack frame [#69]
3.2.3 Consider specifying a format for links embedded in our plain text messages [#61]
3.2.4 Should we allow formatting in messages? [#33]
3.2.5 Approval of miscellaneous editorial changes [change draft]
[18:57] Stefan Hagen: Jim proposes to change SHOULD NOT into SHALL NOT in some section
[18:58] Stefan Hagen: Laurence agrees
[18:59] Stefan Hagen: Both discuss the specifics
[18:59] Stefan Hagen: Jim especially would like to prohibit the file protocol
[19:00] Stefan Hagen: ... as when opening a eb page, the browser tries to open files on the local computer
[19:00] Stefan Hagen: s/ eb/web/
[19:01] Stefan Hagen: All discuss
[19:07] Stefan Hagen: Chair in Speakerqueue
[19:10] Stefan Hagen: David asks if we are discussing issue 61?
[19:10] Stefan Hagen: Yes we discuss 61
[19:11] Stefan Hagen: David suggests to take issue 61 out of the vote
[19:12] Stefan Hagen: Michael alternatively suggests we approve the changes to #61 and subsequently someone opens an issue to change the SHOULD NOT into a SHALL NOT
[19:13] Stefan Hagen: Laurence suggests still a variant: Move all issues and include the single change from SHOULD NOT into SHALL NOT. And then put a new issue w.r.t. the URL topic (security)
[19:13] Stefan Hagen: Laurence moves that all issues 72, 69, 61, and 33 be resolved with the single change from SHOULD NOT to SHALL NOT. Michael seconds
[19:14] Stefan Hagen: no discussion, no objections, motion carries
[19:14] Stefan Hagen: 3.3 Announce final review of proposals
3.3.1 Announcement of any issues ready for review
[19:15] Stefan Hagen: Larry walks all through changes like alphabetising terms and ensuring syntax is harmonised
[19:16] Stefan Hagen: David suggests, that things like alphabetising is purely editorial, later present this to all in future meeting
[19:16] Stefan Hagen: Laurence shortly explains, that the grammar representation is in need to be harmonised
[19:17] Stefan Hagen: David suggests to go ahead and present in future meeting
[19:17] Stefan Hagen: Laurence opened issue #74 for writing the conformance section
[19:18] Larry Golding: http://docs.oasis-open.org/templates/TCHandbook/ConformanceGuidelines.html
[19:18] Stefan Hagen: Laurence offers some links for seeding the discussion
[19:18] Larry Golding: https://www.oasis-open.org/apps/org/workgroup/ioc/download.php/305/conformance_requirements-v1.pdf?referring_url=%2Fkws
[19:20] Stefan Hagen: Finally #75 there is a bug in the spec revision about uniqueness of locations in some cases
[19:21] Michael C. Fanning: https://github.com/oasis-tcs/sarif-spec/issues/71
[19:21] Stefan Hagen: Brought to the table here by Laurence
[19:22] Stefan Hagen: ... issue #75 i.e.
[19:22] Stefan Hagen: Michael shortly presents a list of fresh issues
[19:24] Stefan Hagen: Michael will send a mail at the end of the week containing a proposal about next steps
[19:24] Stefan Hagen: 3.4 Resolve items discussed at earlier meetings
3.4.1 Consider adding 'rank' or 'probability' property [#58]
[19:25] Stefan Hagen: Michael asks, if there is still need for discussion
[19:26] Stefan Hagen: Laurence reminds, that Nikolai had expressed interest and is not present today
[19:26] Stefan Hagen: Michael suggests to send a mail, otherwise table that
[19:26] Stefan Hagen: 3.4.2 Extensions to code flows
Add ACL.annotations member [#30]
Represent exceptions in code flows [#28]
Should the result object support graph information? [#46]
[19:27] Stefan Hagen: First annotated code location #30
[19:27] Stefan Hagen: Michael presents the current state of proposal / discussion
[19:29] Stefan Hagen: Laurence adds a summary
[19:36] Stefan Hagen: Speakerqueue has Paul Luke Mel and Katrina
[19:37] Stefan Hagen: All discuss
[19:38] Michael C. Fanning: https://github.com/oasis-tcs/sarif-spec/issues/30
[19:43] Stefan Hagen: Speaker queue holds Mel and Katrina
[19:47] Stefan Hagen: All still discuss issue #30
[19:47] Stefan Hagen: SpeakerQueue has Katrina and Jim
[19:54] Luke Cartey: I'm afraid I need to drop off the call now - apologies for not being able to stay for the last half an hour
[19:57] Stefan Hagen: Speaker queue empty
[19:58] Stefan Hagen: Represent exceptions in code flows [#28]
https://github.com/oasis-tcs/sarif-spec/issues/28
[19:59] Stefan Hagen: Michael shortly introduces the issue and history of it
[20:02] Stefan Hagen: Speaker queue has Katrina and Paul
[20:02] Stefan Hagen: All discuss
[20:04] Stefan Hagen: Speaker queue empty
[20:04] Stefan Hagen: Jim in Speakerqueue
[20:07] Stefan Hagen: Should the result object support graph information? [#46]
https://github.com/oasis-tcs/sarif-spec/issues/46
[20:08] Stefan Hagen: Michael summarises the issue
[20:09] Michael C. Fanning: https://github.com/oasis-tcs/sarif-spec/issues/71
[20:09] Stefan Hagen: #71 is related to #46
[20:14] anonymous morphed into Mel Llaguno
[20:15] Stefan Hagen: Speaker queue: Paul
[20:16] Stefan Hagen: Laurence enters Speakerqueue
[20:17] Stefan Hagen: All discuss. Paul mentions the possible enormous amount of data and parser tasks if including graphs (esp. if not constrained graphs of what)
[20:18] Stefan Hagen: Speaker queue empty
[20:18] Stefan Hagen: Jim enters Speakerqueue
[20:19] Stefan Hagen: time check 10 minutes meeting time left
[20:21] Stefan Hagen: 3.4.3 Consider restructuring SARIF to be location, not results-focused [#55]
https://github.com/oasis-tcs/sarif-spec/issues/55
Skipped
3.5 Begin discussions
3.5.1 Consider a tool validation or 'selectivity' annotation [#59]
https://github.com/oasis-tcs/sarif-spec/issues/59
Skipped
4. Other Business
[20:22] Stefan Hagen: None
5. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end)
5.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair Keaton)
5.2 Review of Decisions Reached (Secretary Hagen)
* Face to face 2018-01-31 and 2018-02-01 agreed
* Issues 72, 69, 61, and 33 be resolved with the single change from SHOULD NOT to SHALL NOT
5.3 Review of Action Items (Secretary Hagen)
* Ongoing action on Luke and the editors will work on examples for the extensions to code flows
* Ongoing action on Nikolai to write proposal for rank
6. Next Meeting
January 31 - February 01, 2018, Redmond, WA (in-person)
7. Adjournment
[20:25] Stefan Hagen: Meeting adjourned

Meeting Attendees

Company              Name                 Role
-------------------  -------------------  -------------
GrammaTech, Inc.     Paul Anderson        Voting Member
SWAMP                Vamshi Basupalli     Voting Member
RIPS Technologies    Hendrik Buchwald     Member
Semmle               Luke Cartey          Chair
Microsoft            Michael Fanning      Voting Member
Individual           Laurence Golding     Voting Member
Mitre Corporation    Kevin Greene         Member
Individual           Stefan Hagen         Secretary
Micro Focus          Larry Hines          Voting Member
Individual           David Keaton         Chair
SWAMP                Jim Kupsch           Voting Member
Synopsys             Mel Llaguno          Voting Member
Security Compass     Pooya Mehregan       Voting Member
Micro Focus          Yekaterina O'Neil    Voting Member
Kestrel Technology   Henny Sipma          Voting Member
CA Technologies      Chris Wysopal        Member
-------------------  -------------------  -------------

Meeting Statistics

Quorum rule: 51% of voting members
Achieved quorum: yes

Individual Attendance
Contributing Members: 16 of 33 (48%)
Voting Members: 13 of 18 (72%) (used for quorum calculation)

Company Attendance
Contributing Companies: 12 of 21 (57%)
Voting Companies: 9 of 11 (81%)