Document ISO/IEC/JTC 1/SC 22/WG 23 N0532


Draft Meeting Minutes for Meeting #35
ISO/IEC JTC 1/SC 22/WG 23: Programming Language Vulnerabilities
25 May 2015


Meeting Times:

25 May 2015: 2000-2200 UTC

1 Opening activities

1.1 Opening Comments

1.2 Introduction of Participants/Roll Call

Stephen Michell
Erhard Ploedereder
Santiago Uruena Pascual
Tullio Vardenega
Clive Pygott
David Keaton
Robert Karlin
Larry Wagoner


1.3 Procedures for this meeting

1.4 Approval of previous minutes N0530

1.5 Review of action items and resolutions, Action Item and Decision Logs

1.6 Approval of Agenda [N 0525]

1.7 Future Meeting Schedule


2016

#4y
#44   14-16 April 16   BSI, London UK (UTC)
#43   07/03/16         Teleconference (UTC 2100, 2 hr)
#42   08/02/16         Teleconference (UTC 2100, 2 hr)
#41   11/01/16         Teleconference (UTC 2100, 2 hr)

2015

#40   23/11/15         Teleconference (UTC 2100, 2 hr)
#39   24-25 Oct        New Delhi, India with SC 27 (UTC+5:30)
#38   17-18 Sep 2015   Washington with SC 22
#37   03/08/15         Teleconference (UTC 2000 for 2hr)
#36   26-27 Jun        Madrid with Ada Europe (UTC+1)
#35   25/05/15         Teleconference (UTC 2000 for 2hr)






2. Liaison Activities (as needed – not for this meeting)

2.1 SC 22

2.2 PL 22 (Open)

2.3 PL22.3/WG5 (Fortran)

2.4 WG4 (COBOL)

2.5 WG9 (Ada)

2.6 PL22.11/WG14 (C)

2.7 PL22.16/WG21 (C++)

2.8 Ecma International, TC49/TG2 (C#)

2.9 Ecma International, TC39 (ECMAScript)

2.10 MISRA (C)

2.11 MISRA (C++)

2.12 SPARK

2.13 SC7/WG19 (UML)

2.14 SC27/WG3, WG4 Security

2.15 Other Liaison Activities or National body reports

3. Document Review

3.1 DIS 17960 Code Signing

FDIS 17960 is in ballot, closing 6 (?) July 2015. Comments from SC 27/WG 3 have been received.

3.2 TR 24772-1 Vulnerabilities, language independent

Review progress on Draft TR 24772-1 N0537

Highlighted text in 6.6 Numeric Conversion Errors (explicitly 6.6.5) – what to do?

What to do about 6.17 XZI Sign extension error

Sect 6.37.4,5 Ignored Error Status … - Robert wants more discussion on first bullet

3.3 TR 24772-2 Ada

Review progress on Draft TR 24772-2 N0538

3.4 Business Plan

3.5 Language guidance (advice to editors) from Erhard – N0536

3.6 JSF-TR comparison from Larry – N0528, updated as N0540

All to review the document for the April meeting and make recommendations as appropriate. (AI)

3.7 TR 24772-4 Python, prepared by Santiago Uruena Pascual, Document N0541

Minor updates by Stephen Michell

4 Strategy (for face-to-face meetings)

5. Publicity (for face-to-face meetings)

4. Other Business

    1. Material from SC 27 WG 3

    2. Discussion of Section 7 as it applies to coding standards. Consider section 7 & vulnerabilities from the perspective of the development of design (or coding?) guidelines standards to address such vulnerabilities.

4.1 Assignment of responsibilities

5. Resolutions and Action Items

35-04   Erhard, Stephen   Update guidance to editors document, make Standing document 5 or 6, send to WG 9.
35-03   All               Review results of N0540 Comparison of JSF and TR24772-1
35-02   Robert            Explain concerns with OYB Unhandled Exception Handling in email. Steve to solicit.
35-01   Steve             Update Ada and Python Annex to reflect changes to core document (removal of 6.17 and concurrency changes).



6. Adjournment