07/18/2024 All Hands Meeting Minutes

[robmoffat]

Date

MM/DD/YYYY - (X)am ET / (Y)pm UK

• Join Zoom Meeting
• Meeting ID: 944 1616 8360
• Passcode: 042805
• Find your local number
• Copy this meeting to your calendar

Meeting notices

• FINOS Project leads are responsible for observing the FINOS guidelines for running project meetings. Project maintainers can find additional resources in the FINOS Maintainers Cheatsheet.
• All participants in FINOS project meetings are subject to the LF Antitrust Policy, the FINOS Community Code of Conduct and all other FINOS policies.
• FINOS meetings involve participation by industry competitors, and it is the intention of FINOS and the Linux Foundation to conduct all of its activities in accordance with applicable antitrust and competition laws. It is therefore extremely important that attendees adhere to meeting agendas, and be aware of, and not participate in, any activities that are prohibited under applicable US state, federal or foreign antitrust and competition laws. Please contact [email protected] with any questions.
• FINOS project meetings may be recorded for use solely by the FINOS team for administration purposes. In very limited instances, and with explicit approval, recordings may be made more widely available.

Agenda

• Convene & roll call (5mins)
• Display FINOS Antitrust Policy summary slide
• Review Meeting Notices (see above)
• Approve past meeting minutes
• Working Group Leads Updates
• OSFF CFP Proposals (30 September)
• Project board walkthrough
• AOB, Q&A & Adjourn (5mins)

Untracked attendees

• Fullname, Affiliation, (optional) GitHub username
• ...

[sshiells-scottlogic]

Stevie Shiells / Scott Logic

[mlysaght2017]

Michael Lysaght/Citi

[robmoffat]

Rob Moffat/ FINOS 🐮

[grudra7714]

Rudra Gupta / Krumware

[smendis-scottlogic]

Sonali Mendis / Scott Logic

[vCTO]

Ted Newman / NatWest Group

[rgriffiths-scottlogic]

Rob Griffiths / Scott Logic

[AdrianHammond]

Adrian Hammond / Red Hat

[robmoffat]

Minutes

Working Group Updates

Security (@mlysaght2017 )

• Had successful working group meeting, successful PRs. Good understanding of requirements, good attendance. Good support from NIST (Michaela).
• Taslked to CTO of Cloud Security Alliance - leverage CCM for de-duplication
• New Working session exists, LSEG actively contributing controls at the right level of abstraction in OSCAL.
• Going to set up meeting in US TZ too.
• @mlysaght2017 working actively on the "catalog layer"
• Extend Object Storage Controls #263

Community Structure (@sshiells-scottlogic )

• Last meeting discussed use of milestones and guidance. Overlapping discussions about releases occurring with the delivery working group.
• Lots of events have been creating visibility, Chris Plank and Nudra Gupta and Kenny Dunn new to the call.

Taxonomy Group (@smendis-scottlogic )

• DoD and Numbering format #252
  • Numbering format and definition of done.
• New members joining the taxonomy group.
• Divided up the work, drilling down further on RDBMS / Database
• Working on handover to security.

Delivery Group (@damienjburks)

• Have been discussing ideas about version control, attaching milestones to the working groups.
• Discussed how we inspire contributors to get involved
• Creation of Global Markdown Formatting and Linting GitHub Actions #223
  • Damien can't merge because he wrote it and is the code owner!
• Want to create a GitHub issue to decide on release/milestone strategy.
• Creating a PR for a PoC of the releasing strategy.
• @damienjburks and @Alexstpierrework to talk offline about this after the meeting

Duplication Reduction (@jared-lambert not available)

Need for More Contributors / Approvers

• WG leads asked new joiners to help review PRs and come to their working groups!
• @eddie-knight we are in need of additional approvers. There's an issue to track which groups have a single approver. This is a problem as an approver can't approve their own work!
• People can get involved by reaching out to @Alexstpierrework or via the mailing lists on https://github.com/finos/common-cloud-controls?tab=readme-ov-file#1-join-finos-ccc-project-meetings
• Stopgap solution is to get the steerco to approve.

CFP

Talk 1

• @damienjburks and Rudra: https://docs.google.com/document/d/1_rBaLefbsN0jM-q0vXWzONXycD-GpPNgM-K2kClqe18/edit
• Demo of a validator from CFI which validates a cloud deployment, using IaC.
• "If you come to NYC, you'll see how the CCC taxonomy and controls can be used in a real-world way through the CFI implementations"
• Needs some work on the proposal, @Alexstpierrework, This is what the form looks like:
  
• Buy in from Damien and Rudra? "We need to finalise details, but I'm fine demoing controls that we decide on".

Talk 2

• Literature review - what we've had to learn about control catalogs/regulatory landscape.
• @AdrianHammond - we could poll people present to find out what services they would like added to the CCC.
• Chris Plank: Kenny Dunn is in the team for reviewing cloud controls in their bank.
• @eddie-knight @jared-lambert would be good for this. Would be nice to have someone from an FSI.
• @Alexstpierrework to drive this and get an email together,

AOB

CSP Participation (Raised by Chris Plank)

@eddie-knight MS very involved, as are Google. Amazon waiting to get a project into FINOS before joining CCC.

[kennydunn72]

Kenny Dunn / NatWest

[damienjburks]

Damien Burks / Citi 👋