Closed MarcinHoppe closed 3 years ago
New Agenda Item - Martin Prpic from Red Hat Product Security to come talk about CSAF and other industry data format efforts
New Agenda Item - Consideration of CERT/CC's VINCE platform as a possible mechanism for vuln. info sharing - https://kb.cert.org/vince/ https://www.sei.cmu.edu/news-events/news/article.cfm?assetid=641759
If we'd like to hear more, we can invite Art Manion & crew to come talk to us
The FIRST PSIRT SIG is endorsing open sourcing VINCE and supporting this tool. [edited to add additional URL for information]
@RedHatCRob I added this to the agenda for Monday if this is something you want to discuss with the WG.
I won't be able to attend the meeting today, but @RedHatCRob was kind enough to offer to run the meeting today.
OK, today the group discussed our desired goals for the WG and endorsed the following:
1.) Identifying vulnerability disclosure pain points for OSS maintainers, consumers, and reporter/finders and take steps to address them through techniques like automation and standardized data formats.
2.) Documenting and promoting reasonable vulnerability disclosure and coordination practices within the OSS ecosystem for component maintainers and community members by providing documented standards and educational materials.
3.) Facilitate the development and adoption of standards-based OSS Vulnerability information that uses existing industry formats and allows OSS projects of all sizes to be able to report, share, and learn about vulnerabilities within OSS components.
Hm, was the meeting recorded? I realized afterwards it wasn't declared as such.
Arrg! Sorry all, I forgot to press the button. We did take notes in the gdoc (my hat is off to whoever paid such excellent attention & captured everything so well) - https://docs.google.com/document/d/1VAx4crIxhfHExTlUaGlcocYgB7pHfP2Eq8INYBZkqPM/edit?usp=sharing
No problem :) It might be a good idea to have that as a standard note in the agenda for future meetings so we don't forget.
+1
Nicole Schwartz (She/Her) amazonv@gmail.com
Great notes! Thank you so much for taking them.
I will open a PR to store those notes here in this repo before we close this issue.
Time
Monday October 5th, 2020 7:00 AM Pacific
Links
The invite is also available on the OpenSSF Community Calendar.
Agenda
Notes