Acting chair: Omar
Chat transcript from room: csaf From 2017-03-29 18:04 UTC until 18:26 UTC
Omar: Called the meeting to order @ 1:04 EST (18:04 UTC).
Omar: Announces that without quorum we will start with informative items
To avoid future complications, if you plan to not participate regularly, please do consider to become a persistent non-voting member.
- This avoids periodically gaining and losing voting rights for the member requesting, and
- facilitates the groups work through reducing the risk of non-quorate meetings.
To become a persistent non-voting member is easy:
- A simple mail to the officers stating that request will suffice for the requester.
- The officers will subsequently edit the roster accordingly
- and inform the requester about the changed status. Thanks!
A roll call was taken,and also recorded on the OASIS meeting calendar - quorum was not reached!
The minutes are provided to document the participation and to inform on what was discussed among the participants during the meeting.
All participants were kindly encouraged to registrate themselves to optimize the use of the shared time during the meeting in one of two ways:
Either click the link with the text "Register my attendance" on the top of the event page or directly visit the per event direct "record my attendace link":
Art Manion (Carnegie Mellon University) Beth Pumo (Kaiser Permanente) Chok Poh (Oracle) Feng Cao (Oracle) Harold Booth (NIST) Jonathan Bitle (Kaiser Permanente) Karen Scarfone (Individual) Louis Ronnau (Cisco Systems) Omar Santos (Cisco Systems) Phillip Boles (FireEye, Inc.) Stefan Hagen (Individual)
Note: While the default rule requires attendance at 3 of the 5 most recent meetings, only 4 meetings have been held before this meeting. Voting members must have attended at least 2 of the last 4 meetings.
Denny Page (TIBCO Software Inc.) Eric Johnson (TIBCO Software Inc.) Jared Semrau (FireEye, Inc.) Masato Terada (Hitachi, Ltd.) Troy Fridley (Cisco Systems) Zach Turk (Microsoft)
Note: Observers of this committee that are ready to become Members should follow the specific instructions displayed the OASIS Open Notices tab.
Bret Jordan (Symantec Corp.) Bruce Rich (Cryptsoft Pty Ltd.) David Waltermire (NIST) Jason Keirstead (IBM) - (left the group) Kent Landfield (Intel Corporation) Mark-David McLaughlin (Cisco Systems) Nicole Gong (Mitre Corporation) Patrick Maroney (Wapack Labs LLC)
Meeting not quorate.
Meeting minutes of Monthly TC Meeting #4 on 2017-02-22.
Minute approval requested via mailing list:
- Motion requested per mail to the TC list by Stefan on "Wed, 29 Mar 2017 10:30:07 -0700 (PDT)" with subject:
"Motion to approve the Minutes from Previous Meeting #4 (2017-02-22)"
- Seconded per mail to the TC list by Harold on "Wed, 29 Mar 2017 10:55:40 -0700 (PDT)" with subject
"RE: [csaf] Motion to approve the Minutes from Previous Meeting #4 (2017-02-22)"
- No additional mails received regarding that motion until "Tue, 25 Apr 2017 02:06:28 -0700 (PDT)" thus a mail was sent to the TC list by Stefan on "Tue, 25 Apr 2017 02:06:28 -0700 (PDT)" with subject
"Minutes approved - Re: [csaf] Motion to approve the Minutes from Previous Meeting #4 (2017-02-22)" documenting the conclusion, that the minutes have been approved unchanged as published.
Minutes approved unchanged as published
Eric: Raised some nits on mailing list but does not consider those ax blocking a first public comments release
Harold: Asks if CSAF-21 has been applied?
Stefan: States that yes (noted in the slides snet around and published in kavi before the meeting)
Feng and Harold discuss the v1.1 situation w.r.t mandatory or optional CVSSScoreSets
Feng suggests to leave cvss3 mandatory and if some vendor only supports v2 CVSS they should stay with cvrf v1.1 so couple CSAF CVRF v1.2 with mandatory CVSS v3
All discuss the 2 dimensional version matrix combinations and the implication
Art: Asks for if CSAF CVRF 1.2 should require 0 or more of both versions CVSS?
Feng: Suggests to have 1 or more CVSS v3 and 0 or more CVSS v2
Art: Suggests to have a vote
Omar: Notes this must be via mail as meeting is not quorate
Art will do
Update after the meeting: There has been some discussion on the mailing list, but no vote has been requested
(and participation in that discussion did show contributions mostly from proponents of one variant).
Next Meeting #6 will be on Wednesday, April 26, 2017
Wednesday, 26 April 2017, 01:00pm to 02:00pm EST (UTC-5) - i.e. 2017-04-26 19:00 to 20:00 CEST (UTC+2)
Event page: Meeting Id 44455
Self-Registration link (available from approx. 15 minutes before meeting start):
All meetings monthly on last Wednesday during:
01:00pm to 02:00pm EST (UTC-5) - 19:00 to 20:00 CEST (UTC+2)
The chair opened the floor for questions, there were none.
The meeting was adjourned at 01:26 EST (18:26 UTC).