Stephen
David
Erhard
Tullio
Approved with minor editing changes. Will be republished as N1139.
As long as the WTO declares the COVID-19 pandemic, ISO will keep banning in-person meetings. INCITS has also banned in-person meetings in the US. We expect no in-person meetings at least until May 2022. The May 2022 JTC 1 meeting was just made virtual.
Therefore, the meeting schedule for work on the 24772 parts will remain virtual for the foreseeable future, and WG 23 meetings will be virtual.
2022

| Meeting | Date | Location | Time |
|---|---|---|---|
| #75 | 6 April 2022 | Electronic | 1600-1800 UTC |
| #76 | TBD June 2022 | With WG 5 Fortran, Las Vegas NV | |
| #77 | TBD Sep 2022 | With SC 22 | |
| #78 | TBD Nov 2022 | With WG 21 | |

2023

| Meeting | Date | Location | Time |
|---|---|---|---|
| #79 | TBD Feb 2022 | Electronic | 1 |
| #80 | TBD June 2022 | With WG 5 Fortran | |
| #81 | TBD Sep 2022 | With SC 22 | |
| #82 | TBD Nov 2022 | With WG 21 | |
The SC 22 committee manager has reported that ISO rejected the free availability of TR 24772-1:2019, TR 24772-2:2020 and 24772-3:2020 because they are technical reports and not technical standards. In its 2021 Directives, ISO and IEC have also stated that TRs can no longer contain guidance.
This leaves us no choice but to reissue the documents as international standards. We have balloted a NWIP for IS 24772-1, which passed unanimously. The SC 22 Committee Manager is initiating a DIS ballot for the document.
In the meantime, we have discovered one or two new vulnerabilities that should be added immediately. The most critical one is the existence of source text (control characters) that can completely hide source text from human review. The Convenor believes that this is important enough to immediately initiate an amendment to DIS 24772-1. Since amendment ballots only take 3 months, we can complete development and ballot by the time that the DIS ballot completes, and integrate it for a 2-month FDIS ballot.
Decision – Wait until we know the free availability decision from ISO CS.
Another issue is free availability of Part 1. The Committee Manager has some concrete recommendations for the wording of a case to go to JTC 1 at its May plenary for approval and forwarding to ISO/IEC. It is recommended that we create a small committee to prepare this document in January 2022.
As part of the free availability discussions, ISO is in general resisting granting free availability to documents that provide mandatory criteria or that provide guidance. Since 24772 (all parts) contain the word “guidance” in the title and contain sections that use the word “guidance”, the convenor proposes that we remove that word largely from the title and the document. For example, Part one would become
ISO/IEC 24772-1 – Programming languages – Avoiding vulnerabilities in programming languages – Part 1: Language independent catalogue of vulnerabilities
We agree to meet Monday Jan 17 1800-2000 UTC to finish the meeting. N1139 is the updates to Part 1 made in the meeting.
Progress of Part 4 Python -
Progress of Part 6 SPARK – Document is almost ready for NWIP and DIS ballot. After development by the UK SPARK specialists it was reviewed by WG 9 and WG 23 members and the AdaCore SPARK team. Some issues were identified and are being resolved.
Progress of Part 10 C++
Progress of Part 11, Java
Review of following document activities
Part 2 Ada has been accepted by WG 9 and requires approval by WG 23. This document is N1135. We have discovered one situation that Erhard will explain that requires removing some guidance from N1121, if WG 9 agrees.
N1135, proposed DIS 24772-1 is deemed ready to go to DIS ballot, with the changes made to address a WG 9 concern (from N1105) and corrections to remove “guidance” wording from normative text. This document will be reviewed and a motion to progress to DIS made.
The SC 22 convenor has raised an issue that there is a statement at the bottom of the foreword stating that conformance information has been added, and that this statement should be removed.
Motion to submit N1121 to SC 22 for the initiation of an NWIP ballot for Ada together with an NWIP Form 4.
– To Submit N1128 SPARK to SC 22 for the initiation of an NWIP ballot for SPARK together with an NWIP Form 4.
Motion: To accept the document N1135 as edited by this meeting and the ISO Free availability request form for submission to the SC 22 Committee Manager for submission to ISO for DIS ballot.