Hi all,
here is an agenda for our meeting tomorrow at 12:00 PM Pacific, copied below for convenience:
Agenda and Notes:

- Welcome new members!
  - Anura Fernando, Underwriters Laboratories
  - Ken Modeste, Underwriters Laboratories
  - Sean Barnum, MITRE
- Upcoming Dates/Meetings
  - Next OMG Spec Submission - February 24
  - Next OMG Technical Meeting March 24 & 25 - Reston VA
    - Registration information here
    - Agenda outline here
- Discussion
  - Understand scenarios across existing communities
  - Work together on model that encompasses and extends
  - TODO: address scenario/structural compatibility concerns
    - SPDX - schedule meetings next week?
    - Continue working through GitHub Issues
    - CycloneDX - meeting scheduled on Friday at 4 Eastern
  - TODO: Address naming compatibility concerns
    - Sean investigating options (e.g. aliasing)
  - Timing
    - Target Feb 24
    - Monitor based on progress over the coming week
- Scenarios - Kay
  - Microsoft POC scenario as follows:
    - Internal build system produces artifacts and SBOM 1
    - Internal security scanning system
      - receives SBOM 1
      - scans SBOM 1 artifacts
      - produces scan results
      - produces SBOM 2
    - Internal release system uses SBOM 2 to apply policy, verify and release SBOM 1 artifacts.