From df4279196dd870b15864ccf94946915e9de40a96 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Wed, 20 Nov 2024 14:53:44 +0100 Subject: [PATCH 1/8] Meeting 2024-11-20 minutes pre-meeting draft --- meeting-minutes/2024-11-20.md | 113 ++++++++++++++++++++++++++++++++++ 1 file changed, 113 insertions(+) create mode 100644 meeting-minutes/2024-11-20.md diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md new file mode 100644 index 0000000..0208305 --- /dev/null +++ b/meeting-minutes/2024-11-20.md 
@@ -0,0 +1,113 @@ +# 1. Opening Activities + +## 1.1 Opening comments (Co-Chair) + +## 1.2 Introduction of participants/roll call (Co-Chair) + +Quorum requires participation of 9 or more of the 17 voting members (including the officers). + +| First Name | Last Name | Company | Role(s) | Present | +|:-----------|:-----------|:------------------------------------------------------------|:--------------------------|:--------| +| Adrian | Diglio | Microsoft | Voting Member | ?? | +| David | Kemp | National Security Agency | Member | ?? | +| Denny | Page | Individual | Voting Member | ?? | +| Duncan | Sparrell | sFractal Consulting LLC | Voting Member | ?? | +| Feng | Cao | Oracle | Member | ??? | +| Harin | Sarda | Cisco Systems | Voting Member | ??? | +| Jautau | White | Microsoft | Voting Member | ??? | +| Jeremy | Rickard | Microsoft | Member | ?? | +| Justin | Murphy | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Co-Chair | ??? | +| Kris | Vandecruys | Cisco Systems | Voting Member | ??? | +| Kunal | Modasiya | Qualys, Inc. | Member | ?? | +| Langley | Rock | Dell | Voting Member | ?? | +| Martin | Prpic | Red Hat | Voting Member | ?? | +| Omar | Santos | Cisco Systems | Co-Chair | ??? | +| Pablo | Quiroga | Qualys, Inc. | Voting Member | ?? | +| Peter | Gephardt | IBM | Member | ?? | +| Przemyslaw | Roguski | Red Hat | Voting Member | ??? | +| Shridhar | Chari | Cisco Systems | Member | ??? | +| Sonny | van Lingen | Huawei Technologies Co., Ltd. | Voting Member | ??? | +| Stefan | Arntzen | Huawei Technologies Co., Ltd. | Voting Member | ??? | +| Stefan | Hagen | Individual | Secretary, taking notes | ??? | +| Thomas | Proell | Siemens | Member | ?? | +| Thomas | Schaffer | Cisco Systems | Voting Member | ??? | +| Thomas | Schmidt | Federal Office for Information Security (BSI) Germany | Voting Member | ??? | +| Tobias | Limmer | Siemens | Member | ?? | + +Quorum was ... reached (... 
voting members present) + +## 1.3 Procedures for this meeting (Moderator) + +## 1.4 Approval of agenda + +* Roll Call +* Updates: + * Discussion on various term use across the industry +* Approval of previous meeting minutes (motions carried out per e-mail motions) +* Review of outstanding issues and pull requests marked for TC discussion: https://github.com/oasis-tcs/openeox +* Next steps + +## 1.5 Approval of previous minutes (Moderator) + +None (motions carried out already per e-mail motions). + +## 1.6 Review of action items and resolutions (Secretary Stefan) + +None + +## 1.7 Identification of TC voting members (Secretary) + +### 1.7.1 Prospective voting members attending their first meeting + +### 1.7.2 Members attaining voting rights at the end of this meeting + +### 1.7.3 Members losing voting rights if they have not joined this meeting by the time it ends + +### 1.7.4 Members who previously lost voting rights who are attending this meeting + +### 1.7.5 Members who have declared a leave of absence + +# 2. Future Meetings + +## 2.1 Future meeting schedule (Secretary) + +- Scheduled Teleconferences (Wednesday at 09:00 PT / 12:00 ET / 18:00 CET / **17:00** UTC for 1 hour) + + ``` + December 18, 2024 + ``` + - regrets from Stefan Hagen + +# 3. Discussion + +- ... + +## 3.1 Next steps + +* Keep on discussng on GitHub and mailing list + +# 4. Other Business + +... + +# 5. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end) + +## 5.1 End debate of other issues by 10 minutes prior to scheduled meeting end and follow the agenda from this point (Co-Chair) + +## 5.2 Review of Decisions Reached (Secretary) + +DECISION to ... + +## 5.3 Review of Action Items (Secretary) + +ACTION on ... + +# 7. Next Meeting + + ``` + December 18, 2024 + ``` + +# 8. Adjournment + +Meeting was ... From 2bc4f8504fc51f23c6cba02452a457ed16aeba02 Mon Sep 17 00:00:00 2001 
From: Stefan Hagen Date: Wed, 20 Nov 2024 19:02:10 +0100 Subject: [PATCH 2/8] post-meeting draft --- meeting-minutes/2024-11-20.md | 118 ++++++++++++++++++++++++---------- 1 file changed, 85 insertions(+), 33 deletions(-) diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index 0208305..6ad1345 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md 
@@ -8,33 +8,33 @@ Quorum requires participation of 9 or more of the 17 voting members (including t | First Name | Last Name | Company | Role(s) | Present | |:-----------|:-----------|:------------------------------------------------------------|:--------------------------|:--------| -| Adrian | Diglio | Microsoft | Voting Member | ?? | -| David | Kemp | National Security Agency | Member | ?? | -| Denny | Page | Individual | Voting Member | ?? | -| Duncan | Sparrell | sFractal Consulting LLC | Voting Member | ?? | -| Feng | Cao | Oracle | Member | ??? | -| Harin | Sarda | Cisco Systems | Voting Member | ??? | -| Jautau | White | Microsoft | Voting Member | ??? | -| Jeremy | Rickard | Microsoft | Member | ?? | -| Justin | Murphy | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Co-Chair | ??? | -| Kris | Vandecruys | Cisco Systems | Voting Member | ??? | -| Kunal | Modasiya | Qualys, Inc. | Member | ?? | -| Langley | Rock | Dell | Voting Member | ?? | -| Martin | Prpic | Red Hat | Voting Member | ?? | -| Omar | Santos | Cisco Systems | Co-Chair | ??? | -| Pablo | Quiroga | Qualys, Inc. | Voting Member | ?? | -| Peter | Gephardt | IBM | Member | ?? | -| Przemyslaw | Roguski | Red Hat | Voting Member | ??? | -| Shridhar | Chari | Cisco Systems | Member | ??? | -| Sonny | van Lingen | Huawei Technologies Co., Ltd. | Voting Member | ??? | -| Stefan | Arntzen | Huawei Technologies Co., Ltd. | Voting Member | ??? | -| Stefan | Hagen | Individual | Secretary, taking notes | ??? | -| Thomas | Proell | Siemens | Member | ?? | -| Thomas | Schaffer | Cisco Systems | Voting Member | ??? | -| Thomas | Schmidt | Federal Office for Information Security (BSI) Germany | Voting Member | ??? | -| Tobias | Limmer | Siemens | Member | ?? | - -Quorum was ... reached (... 
voting members present) +| Adrian | Diglio | Microsoft | Voting Member | NO | +| David | Kemp | National Security Agency | Member | NO | +| Denny | Page | Individual | Voting Member | YES | +| Duncan | Sparrell | sFractal Consulting LLC | Voting Member | NO | +| Feng | Cao | Oracle | Member | YES | +| Harin | Sarda | Cisco Systems | Voting Member | YES | +| Jautau | White | Microsoft | Voting Member | YES | +| Jeremy | Rickard | Microsoft | Member | NO | +| Justin | Murphy | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Co-Chair | YES | +| Kris | Vandecruys | Cisco Systems | Voting Member | YES | +| Kunal | Modasiya | Qualys, Inc. | Member | NO | +| Langley | Rock | Dell | Voting Member | YES | +| Martin | Prpic | Red Hat | Voting Member | NO | +| Omar | Santos | Cisco Systems | Co-Chair | YES | +| Pablo | Quiroga | Qualys, Inc. | Voting Member | YES | +| Peter | Gephardt | IBM | Member | NO | +| Przemyslaw | Roguski | Red Hat | Voting Member | YES | +| Shridhar | Chari | Cisco Systems | Member | NO | +| Sonny | van Lingen | Huawei Technologies Co., Ltd. | Voting Member | YES | +| Stefan | Arntzen | Huawei Technologies Co., Ltd. | Voting Member | YES | +| Stefan | Hagen | Individual | Secretary, taking notes | YES | +| Thomas | Proell | Siemens | Member | NO | +| Thomas | Schaffer | Cisco Systems | Voting Member | NO | +| Thomas | Schmidt | Federal Office for Information Security (BSI) Germany | Voting Member | YES | +| Tobias | Limmer | Siemens | Member | NO | + +Quorum was reached (13 voting members present) ## 1.3 Procedures for this meeting (Moderator) 
@@ -42,11 +42,22 @@ Quorum was ... reached (... voting members present) * Roll Call * Updates: - * Discussion on various term use across the industry + * Happy (belated) birthday OpenEOX! + * CSAF Community Days Dec 12th and 13th + * +* CVE and CPE discussion (Feng and Przemyslaw) * Approval of previous meeting minutes (motions carried out per e-mail motions) * Review of outstanding issues and pull requests marked for TC discussion: https://github.com/oasis-tcs/openeox + * [Meeting minutes August and September #50](https://github.com/oasis-tcs/openeox/issues/50) + * [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51) + * [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29) + * based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) + * [End-of-Security Vulnerability Support #32](https://github.com/oasis-tcs/openeox/issues/32) + * [Suggested new optional field "successor" #3](https://github.com/oasis-tcs/openeox/issues/3) * Next steps +Agenda aggreed. + ## 1.5 Approval of previous minutes (Moderator) None (motions carried out already per e-mail motions). @@ -57,6 +68,8 @@ None ## 1.7 Identification of TC voting members (Secretary) +- the roster is out of sync so no statements on member status changes possible during meeting + ### 1.7.1 Prospective voting members attending their first meeting ### 1.7.2 Members attaining voting rights at the end of this meeting 
@@ -80,7 +93,26 @@ None # 3. Discussion -- ... +- [Meeting minutes August and September #50](https://github.com/oasis-tcs/openeox/issues/50) + - Stefan: Please provide the recordings to fix the roster + - Justin: Will see that the recordings will be sent to Stefan for extracting +- [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51) + - Justin: Motivates the issue and invites everyone to discuss the proposed definition in the issue + - Langley: We are not responding to security events or security incidents but not to security risks +- [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29) + - ... based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) + - Justin: Moves to close the issue [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) + - Przemyslaw: Seconds + - No discussion, all in favor, motion acarries + - Przemyslaw: Updated the proposal to focus (at least for now) on only the end of periods and to allow specification of scopes + - Langley: Coupling feature with security updates? Feature is evolution, while maintenance is conserving, no? + - Przemyslaw: Agrees. The scopes present were added as examples + - Feng: Example term support; We may have a problem with not yet having agreed on universal definitions for support which may be different from supplier to supplier + - Przemyslaw: Such scopes may be defined per supplier, do not have to be universal +- [End-of-Security Vulnerability Support #32](https://github.com/oasis-tcs/openeox/issues/32) + - Skipped +- [Suggested new optional field "successor" #3](https://github.com/oasis-tcs/openeox/issues/3) + - Skipped ## 3.1 Next steps 
@@ -88,7 +120,27 @@ None # 4. Other Business -... +- Feng: Submitted use cases and thinks these should be discussed before being able to practically discuss terms +- Thomas Schmidt: Yes, but should not block discussions on terms + - Cf. split per: + - + - +- Langley: Agrees that soime commonality need sto be reached +- Przemyslaw: Thinks we already discussed and agreed; in any case we should progress towards a minimal viable product like set of definitions / schema +- Justin: Place use cases discussion on agenda for December meeting +- Thomas: Open to both sequences of steps; the schema can always follow. If we need discuss scenarios first, we should follow, but we should progress no matter in which order. +- Feng: Emphasizes his priority for reaching a common ground to be able to place OpenEOX on the market place +- Justin: Proposes to invite everysone to visit the submitted scenarios and for others to submit or modify missing or incomplete scenarios and then follow over the next couple of meetings to share the scenarios +- Sonny: Maybe use a full day or even a face to face meeting with a white board to discuss? 
+- Justin: We could add an extra meeting for that purpose and bring back the resulkts to the regular TC meetings +- Thomas Schmidt: Feel free to use the CSAF Community Days for such discussions +- Justin: Repeats his proposal and likes to progress with the issues noted on the draft agenda +- Pablo: Likes us to summarize where we are on next meeting and create a timeline to not rush but also share a common plan to ensure progress monitoring; iterations but no cycles +- Justin: Likes that and proposes that during the December and January 2025 meeting everyone presents their use cases / scenarios in say 15 minute time slots to then produce a rough timeline +- Przemyslaw: Let us go for that and he even likes to present their use cases first +- Justin: Let us start with 3 people starting please notify when you are ready +- Jautau: Maybe we will lose relevance when instead of end of maintenance we allow to state enf of whatever mean with maintenance +- Thomas: Encourages everyone to provide input so that together we can decide the way forward # 5. Resolutions and Decisions reached (by 10 minutes prior to scheduled meeting end) @@ -96,11 +148,11 @@ None ## 5.2 Review of Decisions Reached (Secretary) -DECISION to ... +DECISION to present use cases and scenarios during the December and January (2025) meetings ## 5.3 Review of Action Items (Secretary) -ACTION on ... +ACTION on all to prepare and propose 15 minute presentations of use cases and scenarios for December and January (2025) meetings # 7. Next Meeting @@ -110,4 +162,4 @@ ACTION on ... # 8. Adjournment -Meeting was ... +Meeting was adjourned. From b56a476aef9444db7a0265cc6bc5275d393bf5bc Mon Sep 17 00:00:00 2001 From: Justin Murphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 20 Nov 2024 16:28:57 -0500 Subject: [PATCH 3/8] remove the extra "not" --- meeting-minutes/2024-11-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index 6ad1345..a4ca4f5 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md @@ -98,7 +98,7 @@ None - Justin: Will see that the recordings will be sent to Stefan for extracting - [CISA proposed definition for "security support" as part of NCSIP Initiative 3.3.2 #51](https://github.com/oasis-tcs/openeox/issues/51) - Justin: Motivates the issue and invites everyone to discuss the proposed definition in the issue - - Langley: We are not responding to security events or security incidents but not to security risks + - Langley: We are responding to security events or security incidents, but not to security risks - [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29) - ... based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) - Justin: Moves to close the issue [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) From b1fa894435cf25aa17d75519b923be32e37cc1f9 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Thu, 21 Nov 2024 20:37:53 +0100 Subject: [PATCH 4/8] Nits: Fixed some typos --- meeting-minutes/2024-11-20.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index a4ca4f5..cc3d064 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md 
@@ -125,8 +125,8 @@ None - Cf. split per: - - -- Langley: Agrees that soime commonality need sto be reached -- Przemyslaw: Thinks we already discussed and agreed; in any case we should progress towards a minimal viable product like set of definitions / schema +- Langley: Agrees that some commonality needs to be reached +- Przemyslaw: Thinks we already discussed and agreed; in any case we should progress towards a "minimal viable product"-like set of definitions / schema - Justin: Place use cases discussion on agenda for December meeting - Thomas: Open to both sequences of steps; the schema can always follow. If we need discuss scenarios first, we should follow, but we should progress no matter in which order. - Feng: Emphasizes his priority for reaching a common ground to be able to place OpenEOX on the market place From 620658f911103d111f6412ac53e16279122b08de Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Fri, 22 Nov 2024 23:23:34 +0100 Subject: [PATCH 5/8] nit: fixed typo Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- meeting-minutes/2024-11-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index cc3d064..e1331fc 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md 
@@ -100,7 +100,7 @@ None - Justin: Motivates the issue and invites everyone to discuss the proposed definition in the issue - Langley: We are responding to security events or security incidents, but not to security risks - [End-of-Software Maintenance #29](https://github.com/oasis-tcs/openeox/issues/29) - - ... based onn last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) + - ... based on last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) - Justin: Moves to close the issue [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) - Przemyslaw: Seconds - No discussion, all in favor, motion acarries From 0a9c644911731f6a0d0f53abb6c8ae4cb42ac748 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Fri, 22 Nov 2024 23:23:51 +0100 Subject: [PATCH 6/8] Nit: Fixed typo Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- meeting-minutes/2024-11-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index e1331fc..4370781 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md 
@@ -103,7 +103,7 @@ None - ... based on last month's discussion for [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) - Justin: Moves to close the issue [Using "End" word in the lifecycle definitions #38](https://github.com/oasis-tcs/openeox/issues/38) - Przemyslaw: Seconds - - No discussion, all in favor, motion acarries + - No discussion, all in favor, motion carries - Przemyslaw: Updated the proposal to focus (at least for now) on only the end of periods and to allow specification of scopes - Langley: Coupling feature with security updates? Feature is evolution, while maintenance is conserving, no? - Przemyslaw: Agrees. The scopes present were added as examples From f030e66d6a29ab0a5fc2938ce5c7dba6b9d01657 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Fri, 22 Nov 2024 23:24:27 +0100 Subject: [PATCH 7/8] Feedback from Thomas Schmidt Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- meeting-minutes/2024-11-20.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index 4370781..208a012 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md 
@@ -105,7 +105,8 @@ None - Przemyslaw: Seconds - No discussion, all in favor, motion carries - Przemyslaw: Updated the proposal to focus (at least for now) on only the end of periods and to allow specification of scopes - - Langley: Coupling feature with security updates? Feature is evolution, while maintenance is conserving, no? + - Langley: Coupling feature with security updates? + - Jautau: Feature is evolution, while maintenance is conserving, no? - Przemyslaw: Agrees. The scopes present were added as examples - Feng: Example term support; We may have a problem with not yet having agreed on universal definitions for support which may be different from supplier to supplier - Przemyslaw: Such scopes may be defined per supplier, do not have to be universal From a89a3551486f388fd4a3452a9297729ad56ba8e7 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Fri, 22 Nov 2024 23:25:03 +0100 Subject: [PATCH 8/8] Nit: typo Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- meeting-minutes/2024-11-20.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting-minutes/2024-11-20.md b/meeting-minutes/2024-11-20.md index 208a012..2daf65b 100644 --- a/meeting-minutes/2024-11-20.md +++ b/meeting-minutes/2024-11-20.md 
@@ -133,7 +133,7 @@ None - Feng: Emphasizes his priority for reaching a common ground to be able to place OpenEOX on the market place - Justin: Proposes to invite everysone to visit the submitted scenarios and for others to submit or modify missing or incomplete scenarios and then follow over the next couple of meetings to share the scenarios - Sonny: Maybe use a full day or even a face to face meeting with a white board to discuss? -- Justin: We could add an extra meeting for that purpose and bring back the resulkts to the regular TC meetings +- Justin: We could add an extra meeting for that purpose and bring back the results to the regular TC meetings - Thomas Schmidt: Feel free to use the CSAF Community Days for such discussions - Justin: Repeats his proposal and likes to progress with the issues noted on the draft agenda - Pablo: Likes us to summarize where we are on next meeting and create a timeline to not rush but also share a common plan to ensure progress monitoring; iterations but no cycles
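Review bot: In [PATCH 1/8], the top-level numbering of the new file jumps from "# 5. Resolutions and Decisions reached" straight to "# 7. Next Meeting", and no later patch in the series adds a section 6. Either renumber the last two headings to 6 and 7 or add the missing section. The 3.1 line "Keep on discussng on GitHub and mailing list" also keeps its typo through 8/8; it should read "discussing".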
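Review bot: In the roll-call hunk of [PATCH 2/8] (@@ -8,33 +8,33 @@), "Quorum was reached (13 voting members present)" only adds up if the two Co-Chairs and the Secretary are counted with the ten rows marked "Voting Member" and YES. The same patch adds under 1.7 that "the roster is out of sync", so the roles in this table may not be final. Suggest saying on the quorum line that the 13 includes the officers, and marking the count as subject to the roster correction. Quorum holds either way against the stated threshold of 9.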
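Review bot: The agenda hunk of [PATCH 2/8] (@@ -42,11 +42,22 @@) leaves an empty "*" bullet under Updates after "CSAF Community Days Dec 12th and 13th"; fill it in or drop it. The agenda item "CVE and CPE discussion (Feng and Przemyslaw)" has no matching entry in section 3, not even "Skipped" as used for #32 and #3, so the minutes do not say what happened to it. Two typos in this hunk survive the whole series: "based onn" in the agenda sub-bullet ([PATCH 5/8] fixes only the copy in section 3) and "Agenda aggreed."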
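Review bot: In the Other Business hunk of [PATCH 2/8] (@@ -88,7 +120,27 @@), "Cf. split per:" is followed by two empty "-" bullets that are still empty in the context lines of [PATCH 4/8]; add the two references or remove the stub. The speaker label is also inconsistent: two entries say "Thomas Schmidt" and two say just "Thomas", while the roster lists three people named Thomas. Only Thomas Schmidt is marked present, so use the full name throughout. Remaining typos after 8/8: "everysone" (still visible in the context of [PATCH 8/8]) and "enf of whatever mean with maintenance" in the Jautau entry.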
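Review bot: The decision and action item added in [PATCH 2/8] (@@ -96,11 +148,11 @@) both refer to "December and January (2025) meetings", but section 2.1 and "# 7. Next Meeting" list only December 18, 2024, and no hunk in the series adds a January date. Add the January teleconference to 2.1, or state that its date is still to be scheduled, so the action item has a deadline readers can find in the minutes.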