< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Call for consent of Static Analysis Results Interchange Format (SARIF) Version 2.1.0 as an OASIS Standard

Do you consent or object to the approval of Static Analysis Results Interchange Format (SARIF) V2.1.0 as an OASIS Standard?

Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format.

SARIF defines a standard format for the output of static analysis tools in order to:

- Comprehensively capture the range of data produced by commonly used static analysis tools.
- Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows.
- Represent analysis results for all kinds of programming artifacts, including source code and object code.

Three Statements of Use were received from Software Assurance Marketplace
(SWAMP) Project, GrammaTech Inc., and Microsoft [2].

This is a call to the Organizational Members of OASIS to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however your consent is assumed unless you register an objection [3]. To register an objection, you must:

1. Indicate your objection on this ballot, and

2. Provide a reason for your objection and/or a proposed remedy to the TC.

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC's mailing list [3]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid.

URIs:

The prose specification document and related files are available here:

Static Analysis Results Interchange Format (SARIF) Version 2.1.0
Candidate OASIS Standard 02
12 March 2020

Editable source (Authoritative):
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.docx

HTML:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.html

PDF:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.pdf

JSON schemas:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/


Please contact OASIS TC Administration at tc-admin@lists.oasis-open.org with any questions you may have about this ballot.

--- Additional information ---

[1] OASIS Static Analysis Results Interchange Format (SARIF) TC
https://www.oasis-open.org/committees/sarif/

[2] Statements of use
Links to Statements of Use

- Software Assurance Marketplace (SWAMP) Project -
https://www.oasis-open.org/committees/document.php?document_id=65816&wg_abbrev=sarif

- GrammaTech Inc. -
https://www.oasis-open.org/committees/document.php?document_id=66130&wg_abbrev=sarif

- Microsoft -
https://www.oasis-open.org/committees/document.php?document_id=66346&wg_abbrev=sarif

[3] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

 [ ]  Yes
 [ ]  No
 [ ]  Abstain
Opening:   Saturday, 14 March 2020 @ 12:00 am UTC
Closing:   Friday, 27 March 2020 @ 11:59 pm UTC
Group:   OASIS organizational voting
Ballot has closed.

Referenced Items
Name Type Date Action
* 03485: Call for consent of Static Analysis Results Interchange Format (SARIF) Version 2.1.0 as an OASIS Standard (145K)
Document
2020-03-27
No Access

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Yes 17 100%
No 0 0%
Abstain 0
Eligible companies who have voted: 17 of 204 8%
Eligible companies who have abstained: 0 of 204 0%
Eligible companies who have not voted: 187 of 204 92%

Voting Details

Voter Company VoteReference Document and/or Comment
Florian Skopik (Pri)
AIT Austrian Institute of Technology
--
 
Gerhard Heyer (Pri)
ASV
--
 
Maria Adamczyk (Pri)
AT&T
--
 
Robert Coderre (Pri)
Accenture
--
 
Vivek Kumar (Pri)
Adobe Systems
--
 
Abbie Barbir (Pri)
Aetna
Yes
 
Nicolas Figay (Pri)
Airbus Group SAS
--
 
Jennifer Sadlier (Pri)
Alfresco Software
--
 
John Heywood (Pri)
American University
--
 
Nicholas Hayden (Pri)
Anomali
--
 
Jim Price (Pri)
Arizona Supreme Court
--
 
Pablo Giambiagi (Pri)
Axiomatics AB
--
 
David Harte (Pri)
Bank of America
--
 
Alvaro Sandoval (Pri)
Biblioteca del Congreso Nacional de Chile
--
 
Jim Tivy (Pri)
Bluestream
--
 
Phillip Windley (Pri)
Brigham Young University OIT
--
 
Bret Jordan (Pri)
Broadcom
--
 
Trey Darley (Pri)
CCB/CERT.be
--
 
Thorsten Behrens (Pri)
CIB labs GmbH
--
 
Alexandre Dulaunoy (Pri)
CIRCL
--
 
Arsalan Iqbal (Pri)
CTM360
--
 
Mary Wilson (Pri)
Carnegie Mellon University
--
 
Mark Davidson (Pri)
Celerium Inc.
--
 
Haibo Li (Pri)
China Electronics Standardization Institute
--
 
Narendra Vad (Pri)
Cisco Systems
--
 
Morten Ollgaard (Pri)
ClearView Trade
--
 
Matthew Reed (Pri)
Coelition
--
 
Dawn Stevens (Pri)
Comtech Services, Inc.
--
 
Tim Hudson (Pri)
Cryptsoft Pty Ltd.
--
 
Jane Ginn (Pri)
Cyber Threat Intelligence Network, Inc. (C...
Yes
 
Anuj Goel (Pri)
Cyware Labs
--
 
Michael Rosa (Pri)
DHS Office of Cybersecurity and Communicat...
--
 
Ole Madsen (Pri)
Danish Business Authority
--
 
Ryan Hohimer (Pri)
DarkLight, Inc.
--
 
Gauthier Fanmuy (Pri)
Dassault Systemes
--
 
Judith Furlong (Pri)
Dell
--
 
Arno Schamber (Pri)
Deutsche Boerse AG
--
 
Mette Frydenberg (Pri)
Directorate of Labour and Welfare Norway
--
 
Michael Staudinger (Pri)
EUMETNET
--
 
Raymon van der Velde (Pri)
EclecticIQ
--
 
Matt Wakefield (Pri)
Electric Power Research Institute (EPRI)
--
 
Mark Nixon (Pri)
Emerson Process Management
--
 
Thomas Sigdestad (Pri)
Enonic
--
 
Richard Hogue (Pri)
Environment Canada
--
 
Carolina Canales-Valenzuela (Pri)
Ericsson
--
 
Gianluigi Alari (Pri)
European Parliament
--
 
Chris Ricard (Pri)
Financial Services Information Sharing and...
--
 
Paul Patrick (Pri)
FireEye, Inc.
--
 
Gerald Stueve (Alt)
Fornetix
Yes
 
Daniel Mallmann (Pri)
Forschungszentrum Juelich GmbH
--
 
Faiyaz Shahpurwala (Pri)
Fortanix, Inc.
--
 
Kazunori Iwasa (Pri)
Fujitsu Limited
--
 
David Lemire (Pri)
G2, Inc.
--
 
Allison Ferch (Pri)
GALA
--
 
Henri Barthel (Pri)
GS1
--
 
Juliet Espinosa (Pri)
GS1 Colombia/LOGYCA
--
 
Matt Bauer (Pri)
Galois, Inc.
Yes
 
Larissa Bezrukavyy (Pri)
Generis Corp
--
 
Shirley-Ann Fiagome (Pri)
Ghana Parliament
--
 
Jeremy Allison (Pri)
Google Inc.
--
 
Paul Anderson (Pri)
GrammaTech, Inc.
Yes
 
George Knecht (Pri)
Green Filing, LLC
--
 
Sun-ho Lee (Pri)
Hancom Secure, Inc.
--
 
Christoph Meinel (Pri)
Hasso Plattner Institute
--
 
Bill Burns (Pri)
Healthwise
--
 
Christopher Hillier (Pri)
Hewlett Packard Enterprise (HPE)
--
 
Akihito Sawada (Pri)
Hitachi, Ltd.
--
 
Ke Zhou (Pri)
HuaZhong University of Science and Technology
--
 
Fang You (Pri)
Huawei Technologies Co., Ltd.
--
 
Jason Keirstead (Pri)
IBM
--
 
Bruno Volckaert (Pri)
IDLab
--
 
Sid Baccam (Pri)
IEM
--
 
Atsuhiro Goto (Pri)
IISEC
--
 
Ashwini Jarral (Pri)
IJIS Institute
--
 
Nigel Solkhon (Pri)
ISITC Europe
--
 
Eric Sirois (Pri)
IXIASOFT
--
 
Ryan Foley (Pri)
ImageSoft, Inc.
--
 
Damian Wabisch (Pri)
Individual
--
 
Michael Markowitz (Pri)
Information Security Corporation
--
 
Katalin Bartfai-Walcott (Pri)
Intel Corporation
--
 
Steve Olshansky (Pri)
Internet Society (ISOC)
--
 
Ken Klingenstein (Pri)
Internet2
--
 
Serge Huber (Pri)
Jahia Solutions Group SA
--
 
Damian Tamburri (Pri)
Jheronimus Academy of Data Science (JADS)
--
 
Thomas Smith (Pri)
Johns Hopkins University Applied Physics L...
--
 
Brian Schmidt (Pri)
Journal Technologies
--
 
Simon Krek (Pri)
Jozef Stefan Institute
--
 
Jorge Basto (Pri)
Judicial Council of Georgia
--
 
Tom Magliery (Pri)
JustSystems Canada, Inc.
--
 
Ilan Kernerman (Pri)
K Dictionaries Ltd
--
 
Camilla Boemann (Pri)
KDE e.V.
--
 
Beth Pumo (Pri)
Kaiser Permanente
Yes
 
Jason Novecosky (Pri)
KeyNexus Inc
--
 
Carlos Manjarez (Pri)
Legal Services Corporation
--
 
Milos Jakubicek (Pri)
Lexical Computing CZ s.r.o.
--
 
Jacques de Wit (Pri)
Logius
--
 
Allan Thomson (Pri)
LookingGlass
--
 
Snorri Ogata (Pri)
Los Angeles Superior Court
--
 
Thomas Hardjono (Pri)
M.I.T.
--
 
Mario Velazquez (Pri)
MDreieck S.A. de C.V.
--
 
Joe Wheeler (Alt)
MTG Management Consultants, LLC.
--
 
Kent Landfield (Pri)
McAfee
--
 
Michael Angelo (Pri)
Micro Focus
Yes
 
Peggy Moloney (Pri)
Microsoft
Yes
 
Marc Boget (Pri)
Ministere de L'Interieur-France
--
 
Doraiswamy ('Raj') Rajagopal (Pri)
Mitre Corporation
--
 
Gary Crowe (Pri)
NAPPS
--
 
George Johnson (Pri)
NC4
--
 
Takahiro Kakumaru (Pri)
NEC Corporation
--
 
Kevin Mangold (Pri)
NIST
Yes
 
Andrea Hardy (Pri)
NOAA/NWS
--
 
Mikio Aoyama (Pri)
Nanzan University
--
 
Jim Harris (Pri)
National Center for State Courts
--
 
Denise Anderson (Pri)
National Council of ISACs (NCI)
--
 
Mike Boyle (Pri)
National Security Agency
--
 
John McCrae (Pri)
National University of Ireland Galway
--
 
David Dale (Pri)
NetApp
--
 
Erin O'Reilly (Pri)
NetCracker
--
 
Krishna Narayanaswamy (Pri)
Netskope
--
 
Daniel Riedel (Pri)
New Context Services, Inc.
Yes
 
James Collier (Pri)
New Zealand Government
--
 
Timo Perala (Pri)
Nokia
--
 
Rae McQuade (Pri)
North American Energy Standards Board
--
 
Paul Seay (Pri)
Northrop Grumman
--
 
Jens Aabol (Pri)
Norwegian Digitalisation Agency
--
 
Scott McGrath (Pri)
OASIS
--
 
Timothy Allen (Pri)
Oberon Technologies Inc.
--
 
Larry Johnson (Pri)
Object Management Group
--
 
Michael Grow (Pri)
One Legal
--
 
Scott Simmons (Pri)
Open Geospatial Consortium, Inc. (OGC)
--
 
Don Thibeau (Pri)
Open Identity Exchange
--
 
Matti Moell (Pri)
OpenSynergy GmbH
--
 
Kasperi Rask (Pri)
OpusCapita Solutions OY
--
 
Martin Chapman (Pri)
Oracle
--
 
Mark Joseph (Pri)
P6R, Inc
--
 
Yasuyuki Nishioka (Pri)
PSLX consortium
--
 
Chris Chiesa (Pri)
Pacific Disaster Center
--
 
Ryan Olson (Pri)
Palo Alto Networks
--
 
Peter Reynolds (Pri)
Polish Association of Translation Agencies...
--
 
Danilo Ardagna (Pri)
Politecnico di Milano-DEIB
--
 
Rob Hanna (Pri)
Precision Content Authoring Solutions Inc.
--
 
Tomas Gustavsson (Pri)
PrimeKey Solutions AB
--
 
Mark Biamonte (Pri)
Progress Software
--
 
Maria Manuela Cruz (Pri)
Publications Office of the European Union
--
 
Guo Ying (Pri)
Qi An Xin Technology Group Inc.
--
 
John Leiseboer (Pri)
QuintessenceLabs Pty Ltd.
--
 
Sam DeBord (Pri)
Real Estate Standards Organization (RESO)
--
 
Mark Little (Pri)
Red Hat
--
 
Kevin Brown (Pri)
RenderX, Inc.
--
 
Joerg Schwenk (Pri)
Ruhr University Bochum
--
 
Ralf Handl (Pri)
SAP SE
Yes
 
Frank Closset (Pri)
SDL
--
 
Nicolas Ferry (Pri)
SINTEF
--
 
Leif Johansson (Pri)
SUNET
--
 
Irene Landrum (Pri)
SWAMP
Yes
 
Oege de Moor (Pri)
Semmle
--
 
Stephen Edwards (Alt)
Semper Fortis Solutions
--
 
Marquart FRANZ (Pri)
Siemens AG
--
 
Prasad Yendluri (Pri)
Software AG
--
 
David Charles (Pri)
Solace Systems
--
 
Pim van der Eijk (Pri)
Sonnenglanz Consulting
--
 
Adam Wyner (Pri)
Swansea University
--
 
Kerstin Wiss-Holmdahl (Pri)
Swedish Association of Local Authorities & Regions
--
 
Martin Torngren (Pri)
Swedish Royal Institute of Technology
--
 
Andrew Johnston (Pri)
TELUS
--
 
Eric Johnson (Pri)
TIBCO Software Inc.
--
 
Olivier Dobberkau (Pri)
TYPO3 Association
Yes
 
Wesley Coelho (Pri)
Tasktop Technologies Inc.
--
 
Cheolsoon Park (Pri)
Telecommunications Technology Association ...
--
 
Lucas Tamagna-Darr (Pri)
Tenable, Inc
--
 
Solomon Cates (Pri)
Thales e-Security
--
 
Kathryn Breininger (Pri)
(Mr. Chet Ensign recorded vote)
The Boeing Company
Yes
Charles Schulz (Pri)
The Document Foundation
--
 
Lester Bird (Pri)
The Pew Charitable Trusts
--
 
Simon Johnson (Pri)
Thingstream AG
--
 
Andrew Pendergast (Pri)
ThreatConnect, Inc.
--
 
Ryan Trost (Pri)
ThreatQuotient, Inc.
--
 
Mikkel Brun (Pri)
Tradeshift Network Ltd.
--
 
Kris Anderson (Pri)
Trend Micro
--
 
Craig Gemmill (Pri)
Tridium, Inc.
--
 
David Lewis (Pri)
Trinity College Dublin (ADAPT)
--
 
Philip Baughman (Pri)
Tyler Technologies, Inc.
--
 
Antonio Brogi (Pri)
UNIPI
--
 
Sherman Charles (Pri)
US Department of Defense (DoD)
--
 
Gheorghe Cosmin Silaghi (Pri)
Universitatea Babes-Bolyai
--
 
Monica Palmirani (Pri)
University of Bologna-CIRSFID
--
 
David Chadwick (Pri)
University of Kent
--
 
Livio Robaldo (Pri)
University of Luxembourg
--
 
Toby Considine (Pri)
University of North Carolina at Chapel Hill
--
 
Vasileios Mavroeidis (Pri)
University of Oslo
--
 
Dieter Bong (Pri)
Utimaco IS GmbH
Yes
 
Stephen Diamond (Pri)
VMware, Inc.
--
 
Joe Schreiber (Pri)
Varmour Networks
--
 
Yong Kim (Pri)
VeriSign
--
 
Christopher Shawn (Pri)
Veterans Health Administration
Yes
 
Carlos Evia (Pri)
Virginia Tech
--
 
Saji Thoppil (Pri)
WIPRO Limited
--
 
David Dufour (Pri)
Webroot
--
 
Matt Vickers (Pri)
Xero
--
 
Ravi Sunkavalli (Pri)
Xilinx, Inc
--
 
Dominik Obermaier (Pri)
dc-square GmbH
--
 
Hamish Cameron (Pri)
nCipher
Yes
 
Danilo Beuche (Pri)
pure-systems GmbH
--
 
Duncan Sparrell (Pri)
sFractal Consulting LLC
--