Overview
The OWASP AIBOM Weekly Call on November 11 featured introductions from new members, including Bakul Singhal and Karen Bennet, who highlighted their backgrounds and contributions. The meeting covered updates on the project’s roadmap, workstreams, and sponsorship efforts. Key points included the development of a new website, the creation of a foundational best practices document, and the need for a glossary of terms to ensure consistency across different standards and definitions. The team discussed the importance of collaboration with other organizations like SPDX and Linux Foundation, and the need for a workstream focused on vulnerabilities and threats.
Action Items
- Transition the public-facing AIBOM website to the new design within 1–2 weeks.
- Provide feedback on the new AIBOM website design.
- Coordinate with SPDX team to align definitions and identify synergies.
- Complete the draft of the foundational best practices document and coordinate with other workstreams.
Outline
Introductions and Meeting Kickoff
- Aruneesh Salhotra welcomes everyone and mentions the recording of the call for YouTube.
- Bakul Singhal introduces himself, sharing his background in software development and application security, and his interest in the AIBOM project.
- Karen Bennet introduces herself, mentioning her involvement with ISO and her background in open source.
- Erez Yalon and Gopi also introduce themselves, highlighting their roles and experiences in cybersecurity and risk management.
Project Overview and Workstream Updates
- Aruneesh Salhotra outlines the meeting agenda, including project roadmap updates, leadership updates, and workstream updates.
- Venkata provides an update on the prerequisites workstream, focusing on a gap analysis against CycloneDX 1.7 and identifying gaps in dataset provenance and lineage.
- Karen Bennet suggests including SPDX in the gap analysis, and Venkata agrees to invite SPDX members to their workstream calls.
- Dharmesh Vaya and Anmol discuss the progress of the content workstream, including the draft of the new website and the creation of a common template for documentation.
Collaboration and Alliances
- Aruneesh Salhotra emphasizes the importance of collaboration with other organizations and projects, including Linux Foundation and SPDX.
- Raymond Sheh suggests documenting differences in definitions between various standards and projects to avoid confusion.
- Karen Bennet mentions the need for a workstream on vulnerabilities and threats, and Bakul Singhal volunteers to lead it.
- Aruneesh Salhotra discusses the importance of having a comprehensive list of conferences and the need for language translation efforts.
Sponsorship and Documentation
- Aruneesh Salhotra discusses the sponsorship strategy, aiming for a 50k sponsorship target and mentioning the need for volunteers for language translation.
- Raymond Sheh suggests making the documentation more public and accessible, and Aruneesh agrees to make meeting minutes and updates more transparent.
- Karen Bennet asks about the application of donations, and Aruneesh explains that the funds will be used for operational expenses and promoting the project at conferences.
- Aruneesh Salhotra mentions the need for a glossary of terms to ensure consistency and clarity across different workstreams and projects.
Final Remarks and Action Items
- Aruneesh Salhotra thanks everyone for their participation and contributions.
- He outlines the next steps, including making the new website public, finalizing the foundational best practices document, and ensuring the meeting minutes are publicly available.
- Aruneesh Salhotra encourages everyone to provide feedback and suggestions for improving the project and its workstreams.
- The meeting concludes with a reminder to join the relevant workstream Slack channels and continue collaborating on the project.