Hi all, here is an agenda for our meeting tomorrow at 12:00 PM Pacific, copied below for convenience:
Agenda and Notes:
- Welcome new members!
  - Anura Fernando, Underwriters Laboratories
  - Ken Modeste, Underwriters Laboratories
  - Sean Barnum, MITRE
- Upcoming Dates/Meetings
  - Next OMG Spec Submission - February 24
  - Next OMG Technical Meeting March 24 & 25 - Reston VA
- Discussion
  - Model
    - Approach
      - Understand scenarios across existing communities
      - Work together on model that encompasses and extends
    - TODO: address scenario/structural compatibility concerns
      - SPDX - schedule meetings next week?
        - Continue working through GitHub Issues
      - CycloneDX - meeting scheduled on Friday at 4 Eastern
    - TODO: Address naming compatibility concerns
      - Sean investigating options (e.g. aliasing)
    - Timing
      - Target Feb 24
      - Monitor based on progress over the coming week
  - Scenarios - Kay
    - Microsoft POC scenario as follows:
      - Internal build system produces artifacts and SBOM 1
      - Internal security scanning system
        - receives SBOM 1
        - scans SBOM 1 artifacts
        - produces scan results
        - produces SBOM 2
      - Internal release system uses SBOM 2 to apply policy, verify and release SBOM 1 artifacts.