AGENDA FOR 11 - 13 December 2006
MEETING #3 OF ISO/JTC1/SC22/OWG:Vulnerability
22-OWGV-N0052


11 December 2006 09:30-12:00 13:30-16:00
12 December 2006 09:00-12:00 13:30-16:00
13 December 2006 09:00-12:00

Meeting Location:

INCITS/Information Technology Industry Council
1250 Eye Street, NW - Suite 200
Washington, DC 20005
USA

Host:

InterNational Committee for Information Technology Standards
USA

Host Contact information:

Blue Pilot Consulting, Inc.
Email: John Benito
Phone: +1 (831) 427-0528
Cell:   +1 (831) 600-5547

Monday 11th

9:00 - 9:30 - Coffee -

9:30 - 10:00 1. Opening activities

1.1 Opening Comments (Moore, Benito)
1.2 Introduction of Participants/Roll Call
1.3 Procedures for this Meeting (Chair)
1.4 Approval of previous minutes (Moore)

Note: Change the first paragraph of 5.3 to read as follows:

Robert Seacord and Tom Plum were given Action Item 01-09 to propose a set of levels. In correspondence, Plum suggested that some other concepts need to be agreed upon, such as critical vulnerability, before a scheme of levels could be developed. Seacord submitted a chart describing the CERT approach [N0031: txt, jpg]. In Seacord's absence, OWGV discussed the suggestion described in his email note. The action item was closed.

1.5 Review of previous action items and resolutions (Action Item & Decision Logs)
1.6 Approval of Agenda
1.7 Information on Future Meetings (Benito)

1.7.1 Future Meeting Schedule
1.7.2 Future Agenda Items
1.7.3 Future Mailings

10:00 - 10:30 2. Reports on Liaison Activities

2.1 SC 22 (N0045) (Moore)
2.2 J3/WG5 (Fortran)
2.3 J4/WG4 (COBOL)
2.4 WG9 (Ada)
2.5 J11/WG14 (C)
2.6 J16/WG21 (C++) Note: Placeholder only, no current liaison.
2.7 ECMA TC39/TG2 (C#)
2.8 MISRA (C)
2.9 MISRA (C++)
2.10 SPARK
2.11 MDC (MUMPS)
2.12 SC7/WG19 (UML)
2.13 Other Liaison Activities or National body reports

10:30 - 10:45 Break

10:45 - 16:00 3. Document Review

3.1 Vulnerabilities Issues from TR 15942 (Michell)
3.2 Vulnerability classifications used in QinetiQ report (Pygott)
3.3 Tool assurance for predictable execution (Wichmann)
3.4 Expertise (Jones)
3.5 Proposed language vulnerability guidelines (Jones)
3.6 Working Draft of PDTR 24772

Tuesday 12th

9:00 - 16:00 4. Continue Document Review

Wednesday 13th

9:00 - 10:30 5. Other Business

10:30 - 10:45 Break

10:40 - 12:00 6. Resolutions

6.1 Review of Decisions Reached
6.2 Formal Vote on Resolutions
6.3 Review of Action Items
6.4 Thanks to Host

12:00 7. Adjournment