Meeting Agenda for 21 Jun 19 Jul 2022

Antitrust Disclaimer

Attendance

...

Agenda Items	Presented By	Presos/Notes/Links/
Welcome	Ben Courliss
Review previous meeting notes	Ben Courliss
Review Semantic Versioning for all Open Horizon projects.	Ben Courliss	Core Infrastructure Badge	Joe Pearson	Working session to review the Badge Application: https://bestpractices.coreinfrastructure.org/en/projects/4300
Q/A and Wrap up	Anyone

Look into what the EdgeX Foundry does for their release notes. There may be a GitHub Action available to reuse.
Need to address security vulnerabilities.
- Maybe have a wiki page to start with - Akraino and EdgeX Foundry wikis may have something we can base off of
  - https://github.com/lf-edge/edge-home-orchestration-go/blob/master/.github/SECURITY.md
- Have TSC members (WG chairs) on private email list where users can submit vulnerabilities
  - Speak with Kendall who may have started to create this list via groups.io
- Potentially look at using Syft to output a CycloneDX or SPDX file that can be joined with a CVE database to produce a vulnerability report from images
  - https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
TESTING.md to address testing policy for new functionality (required unit tests, etc)

...