finos/common-cloud-controls

07/04/2024 Security WG Meeting Minutes

Closed this issue · 5 comments

mlysaght2017 commented

Date

07/04/2024 - 11 am ET / 5 pm UK

Meeting notices

  • FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.
  • All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.
  • FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact legal@finos.org with any questions.
  • FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.

Agenda

  • Convene & roll call (5mins)
  • Display FINOS Antitrust Policy summary slide
  • Review Meeting Notices (see above)
  • Approve past meeting minutes
  • Project board walkthrough
  • Update on Intro meeting with CSA CTO and next steps
  • Discuss #220 and #242 and proposed working session
  • AOB, Q&A & Adjourn (5mins)

Untracked attendees

  • Fullname, Affiliation, (optional) GitHub username
  • ...
eddie-knight commented

👋 :shipit: Eddie Knight / Sonatype

sshiells-scottlogic commented

Stevie Shiells / Scott Logic

eddie-knight commented

Meetings Minutes

  • Julia from MyCena introduced herself, invited by Roy from LSEG
  • @mlysaght2017 (ML): Apologies for not tracking the last session's meetings
  • ML: Opened Project Kanban
  • ML: Catalog POC PR is currently blocked by needing additional approver to @finos/ccc-wg-security
  • ML: Damien is working on a POC for control catalog integration to automated workflow
  • ML: The WG had a fruitful call with Daniel (sp?), CTO of Cloud Security Alliance on Monday. Discussing whether we should do a mapping to their CCN, STAR, or other alignment. They have an interesting deliverable scheduled for October. Follow up is scheduled for 16 July, contact ML for invite.
  • Shuh Alam (SA) and Julia requested an invite.
  • ML: Met with @iMichaela to discuss #242. Looking for someone to pair on this work. It is still unclear of where OSCAL fits into our roadmap, and we hope to address it in the Object Storage service.
  • SA: Some of LSEG's recent work may contribute to that effort, please extend an invite to collaborate.
  • ML elaborated on the details of issue 242, including the 4 step plan, intended result, and definition of done.
  • ML will schedule working sessions to move 242 forward next week.
  • ❤️1
github-actions commented

This issue is stale because it has been open for 13 days with no activity.

github-actions commented

This issue was closed because it has been inactive for 14 days.