ISO/IEC JTC 1/SC 22/WG 23/N 0484
Draft Minutes: Meeting #28
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
7 August 2014

Meeting Times:

One hour each day, starting at
0400 Hawaii Standard Time (GMT-10)
0700 Pacific Daylight Time (GMT-7)
1000 Eastern Daylight Time (GMT-4)
1500 UK Daylight Time (GMT+1)
1600 Central Europe, summer (GMT+2)
2300 Japan Standard Time (GMT+9)

10 July 2014
17 July 2014
24 July 2014
31 July 2014
07 August 2014

Meeting Location:

This is a web/teleconference only meeting

Agenda Items

1. Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Bob Karlin

David Keaton

Stephen Michell

Dan Nagle

Erhard Plödereder

Thomas Plum

Clive Pygott

Tatsuaki Takebe

Santiago Urueña

Tullio Vardanega

Larry Wagoner

1.3 Procedures for this Meeting

1.4 Approval of Agenda [ ]

Plödereder: Object to 4b, arguments for disbanding.

Keaton: In favor of 4b because that is how the US has voted.

Michell: Object to 4b.

General discussion noted that human resources as well as funding may be a factor.

Karlin: Propose moving document drafting after review of N 0461 in the agenda. Also add specific resources to discussions of code signing and review of N 0461.

Michell: Add new vulnerabilities to review of N 0461.

Michell/Keaton: All three documents will be subject to WG 23 review.

* Unanimous approval of agenda as revised by Karlin/Michell.

Later discussion remarked that the deadline for submitting a document to the SC 22 Plenary is August 8.

* The committee unanimously agreed to modify the meeting schedule as follows:

Meet July 10, 17, 24, 31, and August 7.

The August 7 meeting is just for final document review right before the SC 22 deadline.

2. Status of DIS 17960-2 Code signing for source code

The JTC 1 3-month ballot began in June and ends on approximately September 25, after the SC 22 plenary.

Larry Wagoner will continue to be the editor. (This is noted in the interest of making the resources for each task explicit.)

3. Review of N0461, "Working draft of third revision of TR 24772"

** Everyone will perform a technical review. [Done]

** Keaton will mail out the results of his review. [Done]

o The vulnerabilities are out of order (the new ones were just tacked on to the end)

Keaton: The new vulnerabilities at the end of section 6 appear to be in a reasonable order. Those at the end of section 7 need to be reordered.

o Previous Project Editor says there is missing text in some places and extra text in others. This needs to be dealt with.
o Some of the headers are wrong.
o Status of Annexes
o Resources

General discussion of resource questions sent to the e-mail list.

* Unanimous agreement to split TR 24772 annexes out into separate documents.

** Michell will look into the procedures for doing this. [Done]

Plödereder: We should update the resource document to include answers.

** Plum will find out how to update the e-mail list to include new members. [Done]

Plödereder sent a proposed list of resources to the e-mail list, and suggested that they become part of the unanimously agreed document. The committee edited the resource list in the meeting in preparation for this.

** Plum will draft a liaison statement requesting help from the C and COBOL committees. [Done]

o New vulnerabilities

Michell: There are inconsistencies in the guidance sections.

Michell distributed a spreadsheet of all the guidance sections for ease of comparison so that committee members could look for inconsistencies.

4. Document Drafting for SC 22 Plenary (Madrid, September 2014)

WG 23 will prepare several documents for the SC 22 Madrid plenary:
(a) Factual matters which are unanimously agreed by WG 23 members; Convenor T. Plum will coordinate;

* Replace section “Overview regarding Resources” by Plödereder's list as edited by the group.

Pygott: Drop “within SC 22.”

Michell: Drop “through WG 23 within SC 22.”

(b) The arguments for disbanding WG 23; D. Keaton will coordinate; Status of 4(b) TBD pending discussion;

Keaton sent a draft to the e-mail list.

** Plum will extract part of this document for the WG 23 Convenor's report, so WG 23 does not need to do anything more with it. [Overtaken by events]

(c) The arguments against disbanding WG 23; S. Michell will coordinate.

Michell sent a draft to the e-mail list.

There were no objections to Michell's draft, except Plum raised a concern that WG 23 had previously decided not to pursue floating point.

** Michell will revise the document to make it clear that it describes what is desired, contingent on getting the appropriate expertise (for example, for floating point). [Done]

** Plum will submit documents (a) and (c) as attachments to the Convenor's report. [Done]

5. Review of Draft Convenor's Report

[to be distributed by email]

** From agenda item 4 above, Plum will make parts (b) and (c) both annexes to the Convenor's report, labeling (b) as “small minority” and (c) as “overwhelming majority.”

** Plum will ask for an extension to submit the Convenor's report to SC 22, to allow time to discuss it by e-mail.

6. Approval of previous Minutes []

It is proposed that this paragraph under "4. Other Business"

will be replaced with this paragraph:

* Unanimously approved as amended.

7. Accept/Reject Offer by Plum to add Fortran Annex to TR 24772 Second Edition

Michell: The ISO mechanism would be essentially the same as publishing a third edition.

Keaton: Regardless of mechanism, this offer would get the Fortran Annex into people's hands about two years sooner.

The question at hand is affected by our decision on whether or not to publish the annexes separately as “parts.” Michell reported that he had investigated and found that the ISO mechanism to publish the annexes separately is simply for SC 22 to split the work and then grant permission to add more parts as needed.

Michell: Why did John Benito object to splitting the document? We want to be sure we haven't missed anything that he saw.

Keaton: Benito said that the reason he objected was that he and Jim Moore could not come up with a mechanism for keeping the parts in sync with the main body.

Michell: There are mechanisms to stay in sync but we need to think about them carefully.

** Michell will propose some words for what we request from SC 22 regarding splitting annexes. [Done]

Michell: We need not approach SC 22 until we are ready to perform the split, possibly in a year.

8. Adjournment