Apologies for the extra email, but someone kindly pointed out an error on my part. The correct time for the General Meeting is 16:00 UTC. Meeting Time: Thurs, Jan 3, 8am PT / 10 am CT / 11am ET / 16:00 UTC.
From: "[email protected]" <[email protected]>
Date: Wednesday, January 2, 2019 at 8:17 AM
To: "[email protected]" <[email protected]>
Cc: JC Herz <[email protected]>
Subject: FW: Jan 3 SPDX General Meeting Reminder

Re-reminding now that most folks are back from the holidays.

From: "[email protected]" <[email protected]>
Date: Thursday, December 20, 2018 at 10:04 AM
To: "[email protected]" <[email protected]>
Cc: JC Herz <[email protected]>
Subject: Jan 3 SPDX General Meeting Reminder

Hello, all. Wishing the best to you for the holidays. As many will have time off between now and the New Year.

A new direction from SPDX is to expand into handling security information in addition to license and copyrights. JC Herz will be talking about this in the Jan 3 meeting. JC is the COO of Ion Channel, a software supply chain assurance and software logistics platform. JC co-wrote open source acquisition policy for the Defense Department in the mid-2000’s to curtail vendor-driven FUD about OSS, and has worked in large-scale enterprises to accelerate and enable verification, audit and continuous assurance of OSS for mission critical applications. Here's what she’ll be talking about-

“Evolving SPDX for Open Source Security: Lessons Learned from the Software Evidence Archive (SEVA)”

In the early days of enterprise OSS use, corporate concern tended to stem from licensing status, and SPDX operationalizes and automates risk management in that domain. As concerns around OSS have shifted towards security and supply chain risk, there are enterprise workflows for security approval, audit and compliance that require more and different details to augment transitive dependencies and licensing - some of which are not immediately obvious to developer communities outside the bureaucracies where these workflows exist.
In the development of the SEVA (Software Evidence Archive), Ion Channel needed to augment the content of a standard SBOM with security, audit and compliance fields to satisfy the security, audit and compliance requirements of large IT bureaucracies in an automated fashion. Because of large and escalating regulatory requirements for security, audit and compliance, these workflows are not going away. To that end, Ion Channel seeks to support SPDX with an open source XML implementation that includes these fields, so that large regulated customers can more easily adopt, maintain and update OSS applications and components.

GENERAL MEETING

Meeting Time: Thurs, Jan 3, 8am PDT / 10 am CDT / 11am EDT / 15:00 UTC.
http://www.timeanddate.com/worldclock/converter.html

Conf call dial-in:
New dial in number: 415-881-1586
No PIN needed
The weblink for screenshare will stay the same at: http://uberconference.com/SPDXTeam

Administrative Agenda
Attendance
Minutes Approval: https://wiki.spdx.org/view/General_Meeting/Minutes/2018-12-06

Guest Speaker – JC Herz

Technical Team Report – Kate/Gary

Legal Team Report – Jilayne/Paul

Outreach Team Report – Jack

Any Cross Functional Issues – All

L. Philip Odence
General Manager, Black Duck On-Demand
Synopsys Software Integrity Group
800 District Avenue, Suite 101, Burlington, MA 01803-5061
Note new work #:
W: +1.781.313.6801; M: +1.781.258.9502
www.blackducksoftware.com
