From 51637ff7534144307928ab684f7d2d45d85ecb71 Mon Sep 17 00:00:00 2001 From: Omar Santos Date: Wed, 30 Oct 2024 10:13:01 -0400 Subject: [PATCH 1/2] Meeting Minutes for 2024-07-31 This adds the meeting minutes for the CSAF Technical Committee meeting held on July 31, 2024. --- meeting_minutes/2024/2024-07-31.md | 69 ++++++++++++++++++++++++++++++ 1 file changed, 69 insertions(+) create mode 100644 meeting_minutes/2024/2024-07-31.md diff --git a/meeting_minutes/2024/2024-07-31.md b/meeting_minutes/2024/2024-07-31.md new file mode 100644 index 00000000..4c13a4bc --- /dev/null +++ b/meeting_minutes/2024/2024-07-31.md 
@@ -0,0 +1,69 @@ +![image](https://user-images.githubusercontent.com/1690898/139102180-5c1e2583-14f1-4f58-ab2b-9e3807ed529c.png) + +# Common Security Advisory Framework (CSAF) Technical Committee Working Meeting + +- Meeting Date: July 31, 2024 +- Time: 17:00 UTC (19:00 CEST, 13:00 EDT, 10:00 PDT) + +## Call to Order and Welcome + +Meeting called to order @ 17:03 UTC + +## Roll call +Inability to register attendees due to OASIS system challenges. + +## Participants + +| Given Name | Family Name | Affiliation | Role | +|:-----------|:------------|:------------------------------------------------------------|:--------------| +| Christoph | Plutte | Ericsson | Voting Member | +| Denny | Page | Individual | Voting Member | +| Dina | Truxius | Federal Office for Information Security (BSI) | Voting Member | +| Feng | Cao | Oracle | Voting Member | +| JD | Stefaniak | Dell | Member | +| Justin | Murphy | DHS Cybersecurity and Infrastructure Security Agency (CISA) | Voting Member | +| Michael | Reeder | Dell | Voting Member | +| Omar | Santos | Cisco | Chair | +| Rhonda | Levy | Cisco | Voting Member | +| Sonny | van Lingen | Huawei Technologies Co., Ltd. | Voting Member | +| Stefan | Hagen | Individual | Voting Member | +| Thomas | Schaffer | Cisco | Voting Member | +| Thomas | Schmidt | Federal Office for Information Security (BSI) | Voting Member | +| Vivek | Nair | Microsoft | Voting Member | +| Tobi | Limmer | Siemens | Voting Member | + +### Observers present + +Note: Observers of this committee that are ready to become Members should follow the specific instructions displayed the OASIS Open Notices tab. + +## Agenda + +- Roll call cannot be done automatically, we will approve meeting minutes via email. +- Updates about other OASIS projects +- Review GitHub Issues for TC Discussion: https://github.com/oasis-tcs/csaf/issues +- Discuss next steps. 
+- Adjourn + + +## Meeting Notes + +- The voting process has been streamlined via email, allowing work items to be discussed and addressed during the call. +- Omar introduced the [Coalition for Secure AI (CoSAI)](https://www.coalitionforsecureai.org/) has gained significant momentum with many new members joining since its launch. The coalition focuses on AI security governance, incident response, and supply chain security. +- Discussed open issues marked for TC discussion. All of the motions and follow ups will be done via email. +- The pull request #761 on the CSAF GitHub repository proposes several changes: + - The term `scores` is changed to `metrics` to better align with the intended use and context. + - New Level Addition: A new level called `content` is introduced to group scores (now metrics). + - Optional Property: A `source` property is added as an optional field, formatted as a URI. This provides a way to include the URL of the source that originally determined the `metric`. + - These changes are part of addressing issues #754, #341, and #624, and they aim to improve the clarity and structure of CSAF by refining terminology and adding useful metadata. +- We also discussed the proposal to enable consumers to differentiate between system advisories with actions required and informational advisories with no actions expected. Voting will be done via email. All of the emails and motions [are available here](https://groups.oasis-open.org/communities/community-home/digestviewer?communitykey=dfd6f6ef-b478-4686-baed-018dc7d3f240). +- There was a discussion about issues and pull requests, with Thomas highlighting the need to address the SSVC. + - The inclusion of SSVC into CSAF is strongly endorsed by multiple participants, as it would be helpful for assessments and decision-making. + - SSVC is prioritizing vulnerabilities that have been exploited and have a technical impact on the organization. 
+ - Issue https://github.com/oasis-tcs/csaf/issues/803 was opened to continue the conversation. Additional references [here](https://github.com/oasis-tcs/csaf/issues/803#issuecomment-2441988277). + +## Adjourn + +- The meeting was adjourned @ 18:00 UTC + +**Note**: All monthly meetings take place on the last Wednesday of each month at 13:00 EDT (17:00/18:00 UTC). + From 0583ab800f17f2bd77808906ed081d8d14032ef8 Mon Sep 17 00:00:00 2001 From: Stefan Hagen Date: Sun, 3 Nov 2024 01:44:30 +0100 Subject: [PATCH 2/2] nit: clarification Co-authored-by: tschmidtb51 <65305130+tschmidtb51@users.noreply.github.com> --- meeting_minutes/2024/2024-07-31.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meeting_minutes/2024/2024-07-31.md b/meeting_minutes/2024/2024-07-31.md index 4c13a4bc..7d9e5863 100644 --- a/meeting_minutes/2024/2024-07-31.md +++ b/meeting_minutes/2024/2024-07-31.md @@ -59,7 +59,7 @@ Note: Observers of this committee that are ready to become Members should follow - There was a discussion about issues and pull requests, with Thomas highlighting the need to address the SSVC. - The inclusion of SSVC into CSAF is strongly endorsed by multiple participants, as it would be helpful for assessments and decision-making. - SSVC is prioritizing vulnerabilities that have been exploited and have a technical impact on the organization. - - Issue https://github.com/oasis-tcs/csaf/issues/803 was opened to continue the conversation. Additional references [here](https://github.com/oasis-tcs/csaf/issues/803#issuecomment-2441988277). + - _Addendum (after the meeting): Issue https://github.com/oasis-tcs/csaf/issues/803 was opened to continue the conversation. Additional references [here](https://github.com/oasis-tcs/csaf/issues/803#issuecomment-2441988277)._ ## Adjourn
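Review bot: two wording problems in the Meeting Notes and Observers sections of this hunk should be fixed before merge. The CoSAI bullet is missing a relative pronoun ("Omar introduced the [Coalition for Secure AI (CoSAI)](...) has gained significant momentum"); suggest "Omar introduced the [Coalition for Secure AI (CoSAI)](...), which has gained significant momentum". The Observers note reads "displayed the OASIS Open Notices tab"; suggest "displayed in the OASIS Open Notices tab". Two smaller points: the "### Observers present" heading has no entries, so either state "None" or drop it, and the participants table lists Tobi Limmer after Vivek Nair, breaking the otherwise alphabetical order by given name. Since issues elsewhere in the minutes are given as full GitHub URLs, the reference to "pull request #761" would be easier to follow with the same treatment.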
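Review bot: labelling the issue #803 bullet as a post-meeting addendum is the right correction, since the minutes record a July 31 call while the file itself was first committed on 30 Oct 2024 and the bullet points at a later issue comment; the italic "_Addendum (after the meeting): ..._" wording makes that distinction explicit. If other bullets in these minutes were likewise written up after the fact, apply the same convention to them so readers can tell discussion during the call from later follow-up.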