OASIS Open: Committees

Call for consent of Static Analysis Results Interchange Format (SARIF) Version 2.1.0 as an OASIS Standard

Do you consent or object to the approval of Static Analysis Results Interchange Format (SARIF) V2.1.0 as an OASIS Standard?

Software developers use a variety of tools to assess the quality of their programs. These tools can report results on qualities such as validity, security, performance, compliance with legal requirements, etc. To form an overall picture of program quality, developers often need to aggregate the results produced by all of these tools, a task made difficult when each tool produces output in a different format.

SARIF defines a standard format for the output of static analysis tools in order to:

- Comprehensively capture the range of data produced by commonly used static analysis tools.
- Reduce the cost and complexity of aggregating the results of various analysis tools into common workflows.
- Represent analysis results for all kinds of programming artifacts, including source code and object code.

Three Statements of Use were received from Software Assurance Marketplace
(SWAMP) Project, GrammaTech Inc., and Microsoft [2].

This is a call to the Organizational Members of OASIS to consent or object to this approval. You are welcome to register your consent explicitly on the ballot; however your consent is assumed unless you register an objection [3]. To register an objection, you must:

1. Indicate your objection on this ballot, and

2. Provide a reason for your objection and/or a proposed remedy to the TC.

You may provide the reason in the comment box or by email to the Technical Committee on its comment mailing list or, if you are a member of the TC, to the TC's mailing list [3]. If you provide your reason by email, please indicate in the subject line that this is in regard to the Call for Consent. Note that failing to provide a reason and/or remedy may result in an objection being deemed invalid.

URIs:

The prose specification document and related files are available here:

Static Analysis Results Interchange Format (SARIF) Version 2.1.0
Candidate OASIS Standard 02
12 March 2020

Editable source (Authoritative):
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.docx

HTML:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.html

PDF:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/sarif-v2.1.0-cos02.pdf

JSON schemas:
https://docs.oasis-open.org/sarif/sarif/v2.1.0/cos02/schemas/

Please contact OASIS TC Administration at tc-admin@lists.oasis-open.org with any questions you may have about this ballot.

--- Additional information ---

[1] OASIS Static Analysis Results Interchange Format (SARIF) TC
https://www.oasis-open.org/committees/sarif/

[2] Statements of use
Links to Statements of Use

- Software Assurance Marketplace (SWAMP) Project -
https://www.oasis-open.org/committees/document.php?document_id=65816&wg_abbrev=sarif

- GrammaTech Inc. -
https://www.oasis-open.org/committees/document.php?document_id=66130&wg_abbrev=sarif

- Microsoft -
https://www.oasis-open.org/committees/document.php?document_id=66346&wg_abbrev=sarif

[3] https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26#OScallForConsent

[ ]	Yes
[ ]	No
[ ]	Abstain

Opening:		Saturday, 14 March 2020 @ 12:00 am UTC
Closing:		Friday, 27 March 2020 @ 11:59 pm UTC
Group:		OASIS organizational voting

Ballot has closed.

Referenced Items
Name	Type	Date	Action
03485: Call for consent of Static Analysis Results Interchange Format (SARIF) Version 2.1.0 as an OASIS Standard (145K)	Document	2020-03-27	No Access

Voting Details

Voting Summary

Options with highest number of votes are bold

Option	# Votes	% of Total
Yes	17	100%
No	0	0%
Abstain	0

Eligible companies who have voted:	17 of 204	8%
Eligible companies who have abstained:	0 of 204	0%
Eligible companies who have not voted:	187 of 204	92%

Voting Details

Voter	Company	Vote	Reference Document and/or Comment
Florian Skopik (Pri)	AIT Austrian Institute of Technology	--
Gerhard Heyer (Pri)	ASV	--
Maria Adamczyk (Pri)	AT&T	--
Robert Coderre (Pri)	Accenture	--
Vivek Kumar (Pri)	Adobe Systems	--
Abbie Barbir (Pri)	Aetna	Yes
Nicolas Figay (Pri)	Airbus Group SAS	--
Jennifer Sadlier (Pri)	Alfresco Software	--
John Heywood (Pri)	American University	--
Nicholas Hayden (Pri)	Anomali	--
Jim Price (Pri)	Arizona Supreme Court	--
Pablo Giambiagi (Pri)	Axiomatics AB	--
David Harte (Pri)	Bank of America	--
Alvaro Sandoval (Pri)	Biblioteca del Congreso Nacional de Chile	--
Jim Tivy (Pri)	Bluestream	--
Phillip Windley (Pri)	Brigham Young University OIT	--
Bret Jordan (Pri)	Broadcom	--
Trey Darley (Pri)	CCB/CERT.be	--
Thorsten Behrens (Pri)	CIB labs GmbH	--
Alexandre Dulaunoy (Pri)	CIRCL	--
Arsalan Iqbal (Pri)	CTM360	--
Mary Wilson (Pri)	Carnegie Mellon University	--
Mark Davidson (Pri)	Celerium Inc.	--
Haibo Li (Pri)	China Electronics Standardization Institute	--
Narendra Vad (Pri)	Cisco Systems	--
Morten Ollgaard (Pri)	ClearView Trade	--
Matthew Reed (Pri)	Coelition	--
Dawn Stevens (Pri)	Comtech Services, Inc.	--
Tim Hudson (Pri)	Cryptsoft Pty Ltd.	--
Jane Ginn (Pri)	Cyber Threat Intelligence Network, Inc. (C...	Yes
Anuj Goel (Pri)	Cyware Labs	--
Michael Rosa (Pri)	DHS Office of Cybersecurity and Communicat...	--
Ole Madsen (Pri)	Danish Business Authority	--
Ryan Hohimer (Pri)	DarkLight, Inc.	--
Gauthier Fanmuy (Pri)	Dassault Systemes	--
Judith Furlong (Pri)	Dell	--
Arno Schamber (Pri)	Deutsche Boerse AG	--
Mette Frydenberg (Pri)	Directorate of Labour and Welfare Norway	--
Michael Staudinger (Pri)	EUMETNET	--
Raymon van der Velde (Pri)	EclecticIQ	--
Matt Wakefield (Pri)	Electric Power Research Institute (EPRI)	--
Mark Nixon (Pri)	Emerson Process Management	--
Thomas Sigdestad (Pri)	Enonic	--
Richard Hogue (Pri)	Environment Canada	--
Carolina Canales-Valenzuela (Pri)	Ericsson	--
Gianluigi Alari (Pri)	European Parliament	--
Chris Ricard (Pri)	Financial Services Information Sharing and...	--
Paul Patrick (Pri)	FireEye, Inc.	--
Gerald Stueve (Alt)	Fornetix	Yes
Daniel Mallmann (Pri)	Forschungszentrum Juelich GmbH	--
Faiyaz Shahpurwala (Pri)	Fortanix, Inc.	--
Kazunori Iwasa (Pri)	Fujitsu Limited	--
David Lemire (Pri)	G2, Inc.	--
Allison Ferch (Pri)	GALA	--
Henri Barthel (Pri)	GS1	--
Juliet Espinosa (Pri)	GS1 Colombia/LOGYCA	--
Matt Bauer (Pri)	Galois, Inc.	Yes
Larissa Bezrukavyy (Pri)	Generis Corp	--
Shirley-Ann Fiagome (Pri)	Ghana Parliament	--
Jeremy Allison (Pri)	Google Inc.	--
Paul Anderson (Pri)	GrammaTech, Inc.	Yes
George Knecht (Pri)	Green Filing, LLC	--
Sun-ho Lee (Pri)	Hancom Secure, Inc.	--
Christoph Meinel (Pri)	Hasso Plattner Institute	--
Bill Burns (Pri)	Healthwise	--
Christopher Hillier (Pri)	Hewlett Packard Enterprise (HPE)	--
Akihito Sawada (Pri)	Hitachi, Ltd.	--
Ke Zhou (Pri)	HuaZhong University of Science and Technology	--
Fang You (Pri)	Huawei Technologies Co., Ltd.	--
Jason Keirstead (Pri)	IBM	--
Bruno Volckaert (Pri)	IDLab	--
Sid Baccam (Pri)	IEM	--
Atsuhiro Goto (Pri)	IISEC	--
Ashwini Jarral (Pri)	IJIS Institute	--
Nigel Solkhon (Pri)	ISITC Europe	--
Eric Sirois (Pri)	IXIASOFT	--
Ryan Foley (Pri)	ImageSoft, Inc.	--
Damian Wabisch (Pri)	Individual	--
Michael Markowitz (Pri)	Information Security Corporation	--
Katalin Bartfai-Walcott (Pri)	Intel Corporation	--
Steve Olshansky (Pri)	Internet Society (ISOC)	--
Ken Klingenstein (Pri)	Internet2	--
Serge Huber (Pri)	Jahia Solutions Group SA	--
Damian Tamburri (Pri)	Jheronimus Academy of Data Science (JADS)	--
Thomas Smith (Pri)	Johns Hopkins University Applied Physics L...	--
Brian Schmidt (Pri)	Journal Technologies	--
Simon Krek (Pri)	Jozef Stefan Institute	--
Jorge Basto (Pri)	Judicial Council of Georgia	--
Tom Magliery (Pri)	JustSystems Canada, Inc.	--
Ilan Kernerman (Pri)	K Dictionaries Ltd	--
Camilla Boemann (Pri)	KDE e.V.	--
Beth Pumo (Pri)	Kaiser Permanente	Yes
Jason Novecosky (Pri)	KeyNexus Inc	--
Carlos Manjarez (Pri)	Legal Services Corporation	--
Milos Jakubicek (Pri)	Lexical Computing CZ s.r.o.	--
Jacques de Wit (Pri)	Logius	--
Allan Thomson (Pri)	LookingGlass	--
Snorri Ogata (Pri)	Los Angeles Superior Court	--
Thomas Hardjono (Pri)	M.I.T.	--
Mario Velazquez (Pri)	MDreieck S.A. de C.V.	--
Joe Wheeler (Alt)	MTG Management Consultants, LLC.	--
Kent Landfield (Pri)	McAfee	--
Michael Angelo (Pri)	Micro Focus	Yes
Peggy Moloney (Pri)	Microsoft	Yes
Marc Boget (Pri)	Ministere de L'Interieur-France	--
Doraiswamy ('Raj') Rajagopal (Pri)	Mitre Corporation	--
Gary Crowe (Pri)	NAPPS	--
George Johnson (Pri)	NC4	--
Takahiro Kakumaru (Pri)	NEC Corporation	--
Kevin Mangold (Pri)	NIST	Yes
Andrea Hardy (Pri)	NOAA/NWS	--
Mikio Aoyama (Pri)	Nanzan University	--
Jim Harris (Pri)	National Center for State Courts	--
Denise Anderson (Pri)	National Council of ISACs (NCI)	--
Mike Boyle (Pri)	National Security Agency	--
John McCrae (Pri)	National University of Ireland Galway	--
David Dale (Pri)	NetApp	--
Erin O'Reilly (Pri)	NetCracker	--
Krishna Narayanaswamy (Pri)	Netskope	--
Daniel Riedel (Pri)	New Context Services, Inc.	Yes
James Collier (Pri)	New Zealand Government	--
Timo Perala (Pri)	Nokia	--
Rae McQuade (Pri)	North American Energy Standards Board	--
Paul Seay (Pri)	Northrop Grumman	--
Jens Aabol (Pri)	Norwegian Digitalisation Agency	--
Scott McGrath (Pri)	OASIS	--
Timothy Allen (Pri)	Oberon Technologies Inc.	--
Larry Johnson (Pri)	Object Management Group	--
Michael Grow (Pri)	One Legal	--
Scott Simmons (Pri)	Open Geospatial Consortium, Inc. (OGC)	--
Don Thibeau (Pri)	Open Identity Exchange	--
Matti Moell (Pri)	OpenSynergy GmbH	--
Kasperi Rask (Pri)	OpusCapita Solutions OY	--
Martin Chapman (Pri)	Oracle	--
Mark Joseph (Pri)	P6R, Inc	--
Yasuyuki Nishioka (Pri)	PSLX consortium	--
Chris Chiesa (Pri)	Pacific Disaster Center	--
Ryan Olson (Pri)	Palo Alto Networks	--
Peter Reynolds (Pri)	Polish Association of Translation Agencies...	--
Danilo Ardagna (Pri)	Politecnico di Milano-DEIB	--
Rob Hanna (Pri)	Precision Content Authoring Solutions Inc.	--
Tomas Gustavsson (Pri)	PrimeKey Solutions AB	--
Mark Biamonte (Pri)	Progress Software	--
Maria Manuela Cruz (Pri)	Publications Office of the European Union	--
Guo Ying (Pri)	Qi An Xin Technology Group Inc.	--
John Leiseboer (Pri)	QuintessenceLabs Pty Ltd.	--
Sam DeBord (Pri)	Real Estate Standards Organization (RESO)	--
Mark Little (Pri)	Red Hat	--
Kevin Brown (Pri)	RenderX, Inc.	--
Joerg Schwenk (Pri)	Ruhr University Bochum	--
Ralf Handl (Pri)	SAP SE	Yes
Frank Closset (Pri)	SDL	--
Nicolas Ferry (Pri)	SINTEF	--
Leif Johansson (Pri)	SUNET	--
Irene Landrum (Pri)	SWAMP	Yes
Oege de Moor (Pri)	Semmle	--
Stephen Edwards (Alt)	Semper Fortis Solutions	--
Marquart FRANZ (Pri)	Siemens AG	--
Prasad Yendluri (Pri)	Software AG	--
David Charles (Pri)	Solace Systems	--
Pim van der Eijk (Pri)	Sonnenglanz Consulting	--
Adam Wyner (Pri)	Swansea University	--
Kerstin Wiss-Holmdahl (Pri)	Swedish Association of Local Authorities & Regions	--
Martin Torngren (Pri)	Swedish Royal Institute of Technology	--
Andrew Johnston (Pri)	TELUS	--
Eric Johnson (Pri)	TIBCO Software Inc.	--
Olivier Dobberkau (Pri)	TYPO3 Association	Yes
Wesley Coelho (Pri)	Tasktop Technologies Inc.	--
Cheolsoon Park (Pri)	Telecommunications Technology Association ...	--
Lucas Tamagna-Darr (Pri)	Tenable, Inc	--
Solomon Cates (Pri)	Thales e-Security	--
Kathryn Breininger (Pri) (Mr. Chet Ensign recorded vote)	The Boeing Company	Yes	vote cast by proxy on 24 march 2010.
Charles Schulz (Pri)	The Document Foundation	--
Lester Bird (Pri)	The Pew Charitable Trusts	--
Simon Johnson (Pri)	Thingstream AG	--
Andrew Pendergast (Pri)	ThreatConnect, Inc.	--
Ryan Trost (Pri)	ThreatQuotient, Inc.	--
Mikkel Brun (Pri)	Tradeshift Network Ltd.	--
Kris Anderson (Pri)	Trend Micro	--
Craig Gemmill (Pri)	Tridium, Inc.	--
David Lewis (Pri)	Trinity College Dublin (ADAPT)	--
Philip Baughman (Pri)	Tyler Technologies, Inc.	--
Antonio Brogi (Pri)	UNIPI	--
Sherman Charles (Pri)	US Department of Defense (DoD)	--
Gheorghe Cosmin Silaghi (Pri)	Universitatea Babes-Bolyai	--
Monica Palmirani (Pri)	University of Bologna-CIRSFID	--
David Chadwick (Pri)	University of Kent	--
Livio Robaldo (Pri)	University of Luxembourg	--
Toby Considine (Pri)	University of North Carolina at Chapel Hill	--
Vasileios Mavroeidis (Pri)	University of Oslo	--
Dieter Bong (Pri)	Utimaco IS GmbH	Yes
Stephen Diamond (Pri)	VMware, Inc.	--
Joe Schreiber (Pri)	Varmour Networks	--
Yong Kim (Pri)	VeriSign	--
Christopher Shawn (Pri)	Veterans Health Administration	Yes
Carlos Evia (Pri)	Virginia Tech	--
Saji Thoppil (Pri)	WIPRO Limited	--
David Dufour (Pri)	Webroot	--
Matt Vickers (Pri)	Xero	--
Ravi Sunkavalli (Pri)	Xilinx, Inc	--
Dominik Obermaier (Pri)	dc-square GmbH	--
Hamish Cameron (Pri)	nCipher	Yes
Danilo Beuche (Pri)	pure-systems GmbH	--
Duncan Sparrell (Pri)	sFractal Consulting LLC	--