Meeting Agenda for 21 Jun 19 Jul 2022

Antitrust Disclaimer

Attendance

...

Agenda Items	Presented By	Presos/Notes/Links/
Welcome	Ben Courliss
Core Infrastructure Badge	Joseph Pearson	Working session to review the Badge Application: https://bestpractices.coreinfrastructure.org/en/projects/4300Review previous meeting notes	Ben Courliss
Review Semantic Versioning for all Open Horizon projects.	Ben Courliss
Q/A and Wrap up	Anyone

Look into what the EdgeX Foundry does for their release notes. There may be a GitHub Action available to reuse.
Need to address security vulnerabilities.
- Maybe have a wiki page to start with - Akraino and EdgeX Foundry wikis may have something we can base off of
  - https://github.com/lf-edge/edge-home-orchestration-go/blob/master/.github/SECURITY.md
- Have TSC members (WG chairs) on private email list where users can submit vulnerabilities
  - Speak with Kendall who may have started to create this list via groups.io
- Potentially look at using Syft to output a CycloneDX or SPDX file that can be joined with a CVE database to produce a vulnerability report from images
  - https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html
TESTING.md to address testing policy for new functionality (required unit tests, etc)

...