SACM met on Tuesday (2016-11-15) at 9:30 for 2.5 hours, and we discussed our architectural approach, how to get software identifiers collected from endpoints, and open issues with our information model. We also started considering how we can keep our information model minimized but extendable based on some real-world state collection data.
Next steps include enumerating the functions/interfaces and data that we need flowing through the SACM environment to support our vulnerability assessment scenario.