OHDF TC Meeting

When:  Jan 10, 2024 from 17:00 to 18:00 (UTC)
Description:

Topic: OHDF January 2024 Meeting
Time: Jan 10, 2024 12:00 PM Eastern Time (US and Canada)

Join ZoomGov Meeting
https://mitre.zoomgov.com/j/1615093982

Meeting ID: 161 509 3982
One tap mobile
+16692545252,,1615093982# US (San Jose)
+16468287666,,1615093982# US (New York)

Dial by your location
        +1 669 254 5252 US (San Jose)
        +1 646 828 7666 US (New York)
        +1 646 964 1167 US (US Spanish Line)
        +1 551 285 1373 US (New Jersey)
        +1 669 216 1590 US (San Jose)
        +1 415 449 4000 US (US Spanish Line)
Meeting ID: 161 509 3982
Find your local number: https://mitre.zoomgov.com/u/aeBviT6wQp

Join by SIP
1615093982@sip.zoomgov.com

Join by H.323
161.199.138.10 (US West)
161.199.136.10 (US East)
Meeting ID: 161 509 3982



==========
Agenda:
  • Introductions from the TC leadership (MITRE, industry leaders, OASIS Open personnel)
  • Establishing regular TC cadence
    • Current suggestion: Monthly
  • Current state of OHDF
  • Plans for next phase of activity
    • Capture and formalize current OHDF schema
      • Current suggestion: use [NIST Metaschema](https://pages.nist.gov/metaschema/)
      • Open call for other suggestions from TC
      • Resolves open PR on [Seed Contribution InSpecJS Schemas](https://github.com/oasis-tcs/ohdf/pull/4)
    • Develop the next data elements to be established for OHDF v1.0 draft
      • Current suggestions:
        • "Target Data" -- the system to which the OHDF data pertains
        • "Overall Control Status" -- dictates the "final" state of the control after all post-processing (attestations, waivers, etc.) is applied; can be used to override control state via attestations and waivers
        • "Run Identifier" -- a UUID of some kind to differentiate the same OHDF-formatted scan run against the same target multiple times
          • Resolves issues raised by users regarding OHDF not having any IDs for individual runs
        • "Adjudicated Control" -- boolean which is flipped to True if the Overall Control Status was changed by an attestation or waiver
          • Resolves concerns that attestations and waivers could be a "thumb on the scale" that would not be clear from the OHDF data
  • Next datatype integration research
    • Current suggestion: Integrating SBOM data into OHDF
    • Open call for other suggestions from TC
  • Open floor for TC members
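The four data elements proposed above, as an added illustration (hypothetical Python, not OHDF schema or project code): raw control results are post-processed with attestations and waivers to derive "Overall Control Status" and the "Adjudicated Control" flag, and the run is stamped with a UUID "Run Identifier" and its "Target Data". All names, fields and sample values are constructed assumptions.

```python
import uuid
from dataclasses import dataclass

# Constructed sketch of the agenda's proposed elements; not the OHDF schema.

@dataclass
class Adjudication:
    kind: str         # "attestation" or "waiver" (assumed vocabulary)
    control_id: str
    new_status: str   # status the adjudication asserts, e.g. "passed"

@dataclass
class ControlResult:
    control_id: str
    raw_status: str           # status as reported by the scanner
    overall_status: str = ""  # "Overall Control Status" after post-processing
    adjudicated: bool = False # "Adjudicated Control": flipped only on a change

def apply_adjudications(results, adjudications):
    """Derive overall status per control; one adjudication per control
    is assumed, the last listed for a control wins."""
    by_control = {a.control_id: a for a in adjudications}
    for r in results:
        adj = by_control.get(r.control_id)
        if adj is None:
            r.overall_status = r.raw_status
        else:
            r.overall_status = adj.new_status
            # The flag records that an attestation/waiver moved the status,
            # so a "thumb on the scale" is visible in the data itself.
            r.adjudicated = adj.new_status != r.raw_status
    return results

def build_run(target, results, adjudications, run_id=None):
    """Assemble one scan run: 'Target Data', 'Run Identifier' (UUID v4
    unless supplied) and the post-processed control list."""
    run_id = run_id or str(uuid.uuid4())
    return {
        "run_id": run_id,
        "target": target,
        "controls": [vars(r) for r in apply_adjudications(results, adjudications)],
    }
```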


==========
Minutes:

==========
Attendance:
Meeting Statistics
Quorum rule: 51% of voting members
Achieved quorum: no

Individual Attendance
  Guest Attendees: 2
  Observing Members: 1 of 5 (20%)
  Contributing Members: 6 of 29 (20%)
  Voting Members: 6 of 15 (40%) (used for quorum calculation)

Company Attendance
  Contributing Companies: 4 of 15 (26%)
  Voting Companies: 4 of 10 (40%)