09/19/2024 - Delivery Meeting Minutes

[damienjburks]

Date

09/19/2024 - 11:30 ET / 16:30 UK

• Join Zoom Meeting
• Meeting ID: 930 1013 8669
• Passcode: 432980
• Copy this meeting to your calendar
• Find your local number

Meeting notices

• FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.
• All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.
• FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
• FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.

Agenda

• [x] Convene & roll call (5mins)
• [x] Display FINOS Antitrust Policy summary slide
• [x] Review Meeting Notices (see above)
• [x] Approve past meeting minutes
• [x] Project board walkthrough
• [x] Review template updates from PR #383
• [x] Discuss current state of the delivery tooling (and perhaps demo this)
  • [x] #338
• [x] AOB, Q&A & Adjourn (5mins)

Untracked attendees

• Fullname, Affiliation, (optional) GitHub username
• ...

[damienjburks]

Meeting Minutes

Attendee List:

• Damien Burks (FINOS CCC)
• Eddie Knight
• Michael Lysaght

Meeting Objective:
Discuss technical issues related to project development, particularly regarding MITRE framework integration and data structuring.

Agenda Overview:

1. Project updates and technical discussions.
2. Structuring and enforcing data for MITRE techniques.
3. Clarification of control mappings and requirements.

Detailed Discussion Points:

1. Initial Check-ins:

   • Damien Burks: Started the meeting with greetings and confirmed audio connections.
   • Eddie Knight: Confirmed his presence and exchanged pleasantries.

2. Mitre Template Integration:

   • Damien Burks: Discussed his progress on creating a template to dynamically link assets, specifically for the mitre framework.
   • Eddie Knight: Suggested adding prefixes to URLs as most of the structure remains consistent.

3. Discussion on Data Structuring:

   • Eddie Knight and Damien Burks: Discussed issues related to listing mitre tactics and techniques, highlighting the need for better structuring in their current template to avoid confusion with duplicated or unnecessary data.

4. Clarification on Control and Threat Mappings:

   • Eddie Knight: Suggested that mitre values should only be attached to threats, not controls.
   • Michael Lysaght: Agreed that techniques should be optional for controls, emphasizing the need to avoid mandatory tactics due to potential gaps in mitre’s coverage.

5. Decision on Data Requirements:

   • Michael Lysaght: Recommended that techniques should not be mandatory for all controls and threats. The tactic information can be derived from the technique, thus only the technique needs to be tracked.
   • Eddie Knight: Confirmed that he will update the PR to reflect these changes, removing unnecessary fields from the template and adjusting the data structure accordingly.

6. Action Items and Next Steps:

   • Eddie Knight: Will update the control struct in the schema and documentation to reflect the decision made about the mitre technique data structure.
   • Damien Burks: Will adjust the templates to match the new data structure, ensuring correct validation and rendering.

Additional Notes/Observations:

• The discussion highlighted the complexity of aligning internal data structures with external frameworks like mitre.
• A strong emphasis was placed on ensuring data integrity and consistency across templates to prevent errors in project outputs.

Action Items:

1. Eddie Knight: Update the PR to align the schema and documentation with the new structure focusing on mitre techniques for threats. (Deadline: Before next meeting)
2. Damien Burks: Modify templates and validate against new schema changes to ensure compatibility and correct data mapping. (Deadline: Before next meeting)
3. Michael Lysaght: Provide input on specific data mappings required from mitre to finalize the structure. (Deadline: As soon as possible)