Agenda

  1. Finalize agenda
  2. New business
  3. Misc
    • Workgroups
    • OS summit conference
    • Blogs
    • Vice-chair election
    • Action Items
  4. Cadence of this meeting

Discussion

  1. Finalize agenda: Naomi taking notes

  2. New business: None

  3. Misc

    • Workgroups
      • Maximilien led a working group discussion, noting the initial working groups are: Doc, Algorithms, and Security.

Docs Update

Nigel noted that he has started creating documents for PQ Code Package but asked whether this should be implemented at the TAC level. Naomi noted that documents at the TAC level are generally used for guidance and accepted at the project level.

Max noted that the reason to wait is to ensure that the process of creating docs is consistent across the alliance and its projects. Nigel noted that Hyperledger uses Mockdocs and suggested using it here, just to get something started and work from there.

Nigel to share a Hyperledger document that can be used as a template. There are two parts to documentation: 1. process and tooling, 2. content.

Next Steps: Jones will take the lead on starting the process and using the Hyperledger/PQCP document process.

Security Update

Max noted that at the last TAC meeting, Dana presented OpenSSF Security Best Practices. The scorecard process has been started in OQS, but they are still mitigating issues. After that has been completed, it will be rolled out to other projects in OQS and PQ Code Package.

Nigel noted that the community’s concern with the scorecard is making it visible without first resolving all the issues. The community agreed to fix the issues before making the scorecard public.

Hart noted that the alliance needs a well-documented security vulnerability disclosure process.

CBOM

Max requested that this working group be created. The request came from an internal request stating that CBOMs and SBOMs need to be created from the source. There is a need to have a catalog of CBOMs, create new ones where they don’t exist, and encourage others to do the same. Jones and Maximilien have started research into creating CBOMs for projects.

They have looked into how to create a catalog of existing CBOMs and what it takes to create one, for example checking whether there is a list of CBOMs for Kubernetes. This raises the question of introducing tooling to keep these updated as well.

Next Steps: At the next meeting, Maximilien and Jones will provide an update and findings to determine 1) whether the TAC is interested, 2) whether TAC members have CBOMs that they are maintaining, and 3) whether they have documentation on how they are managed.

The first step is to collect as much information as possible before we create the working group. Uhri noted that the NIST PQC Discovery is pushing for S/CBOM output and for them to create documentation and tooling.

Conferences

Max noted to the group that a PQCA session was submitted for OSS EU in Vienna. There was also an invitation to give a talk at ICML, but someone else will need to attend, as the conferences are on the same day in different locations.

Blogs

Max updated the group that the blog submitted by him and Ashwin is now ready for review. He encouraged others to submit blogs and content.

Vice-chair election

Brian nominated.

Action Items

See below

Cadence of this meeting

Max proposed to move this meeting to monthly. Discussion ensued about the risk of moving the TAC meeting to monthly. It was decided to keep these meetings every 2 weeks and then cancel when we don’t have enough content to host a meeting.

Action items

## Done (from previous minutes)

  • Create GH issue for content reviewers [Naomi]
  • Lifecycle document completion [Hart]

## Old

  • Docs / Education / Website — look at PQ Code package as example [Nigel]
  • Lifecycle document review [All]
  • Summary for security workgroup [Nigel]
  • SBOM / CBOM interest query [Nigel]

## New

  • Jones will see about an open source C/SBOM generator
  • We will take time in next meeting to review lifecycle doc live with everyone and close on this [All]

Upcoming TAC meetings

Please check the calendar

Attended by

TAC members

  • Norman Ashley, Cisco
  • Michael (Max)imilien, IBM
  • Sam Stanwyck, NVIDIA
  • Sophie Schmieg, Google
  • Brian Jarvis, Amazon Web Services Inc.
  • Thomas Bailleux, SandboxAQ

Additional attendees

  • Yarkin Doroz (NVIDIA)
  • Bryan Uhri (KeyFactor)
  • Alex Bozarth (IBM)
  • Nigel Jones (IBM)
  • Ry Jones (LF)
  • Hart Montgomery (LF)
  • Naomi Washington (LF)