Document ISO/IEC/JTC 1/SC 22/WG 23 N0493


Minutes of Meeting #29
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
20 October 2014


Meeting Time:

20 October 2014: 20H00 UTC (22H00 CET, 21H00 UK summer, 16H00 EST, 13H00 PST)

1. Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Bob Karlin
Larry Wagoner
David Keaton
Santiago U
Tullio Vardenega
Erhard Ploedereder
Joyce Tokar
Stephen Michell (convenor)

1.3 Procedures for this Meeting

1.4 Approval of previous Minutes

Approved

1.5 Review of actions items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0459]

1.7 Future Meeting Schedule

How do we want to meet? Tullio – prefers 3 day meetings for technical work. Bob – COBOL experience that detailed small technical meetings work well by telecon. Exploratory meetings work well in person. Erhard prefers 2 meetings per year. Proposes telecon every 2 months.


2016

#36

#35




TBD



#34

Feb-May

Monthly teleconference


2015

#33

#32

Sept/Oct 2015

June 2015

TBD

Madrid with Ada Europe

#31

Feb-May

Monthly teleconference

#30

January 12-13

Houston – Clear Lake close to NASA. (ask Gicca). Prefer meeting fee.



2. Confirmation of Liaison Activities

2.1 SC 22

2.2 PL22.3/WG5 (Fortran)

2.3 PL22.4/WG4 (COBOL)

2.4 WG9 (Ada)

2.5 PL22.11/WG14 (C)

2.6 PL22.16/WG21 (C++)

2.7 Ecma International, TC49/TG2 (C#)

2.8 Ecma International, TC39 (ECMAScript)

2.9 MISRA (C)

2.10 MISRA (C++)

2.11 SPARK

2.12 SC7/WG19 (UML)

2.13 SC27/WG3, WG4 Security

2.14 Other Liaison Activities or National body reports

3. Document Review

    1. IS 17960 Code Signing

      Review not possible, secretary has not provided results of DIS ballot.

    2. TR 24772 Vulnerabilities

      Discussion of Work Plan, Multipart document

      In favour of the multipart document – all – a priority action.

      TRv2 analysis document – review in detail at meeting 30.

      Ask all to think about other vulnerabilities and bring forward.

      Timetable for progression of work

      1. Propose 3 year schedule for core document and annexes with constraint on WG 23 to stop work on core (except for polishing) 1 year early. - general consensus.

4. Other Business

4.1 Housekeeping matters

The existing website at Mitre is no longer available for update. We are moving to LiveLink with a backup on Keld Simonsen's site at
www.open-std.org/jtc1/sc22/wg23
All of the material on the present website will be moved over. Similarly there will be a new email reflector.

4.2 Assignment of responsibilities

Liaisons
Editor / Editing Group

Although we pass responsibility of producing to other WG, but have a WG 23 member to be the editing liaison. That individuals role is to work with the editors of the annex (part) to maintain momentum, address issues or difficulties, and provide review and comment for format, wording and technical content (if possible).

Erhard – Ada

Bob Karlin – COBOL

Dan Nagle – Fortran

Tatsuaki Takebe – Ruby

Larry Wagoner – PHP and Python

Spark -

C? - Clive?

Others – TBD?

Main document – Erhard lead editing group consisting of Clive, Larry and Erhard.

4.2 Promotion of WG23 Products, Steve Michell, per Action Item #21–6

5. Resolutions

6. Adjournment