All,
In working through the STIX 2.0 documents, the editors have found the following issues, most of which are minor:
- Part 1:
- Update section 5.1.2 to correct the data markings description to indicate that they can't have relationships.
- Part 2:
- Attack pattern example: external_reference should have an external_id property
- The create time of the malware in the coa example is after the create time of the relationship that refers to it
- The COA Example has a typo. The Malware SDO at the bottom of the example has a property called `relationship_type` which should actually be `name`
- 2016-01-201T17:00:00Z in the report example has a 3 digit day
- The threat-actor example is pretty skimpy and should be expanded
- Part 4
- home_dir in unix-account-ext isn't a ref to a directory object, but just a string
- the x509 extension is named inconsistently: most other extensions are "foo_ext", this one is 'x509-v3-extensions-type'
- In the x509-certificate properties table, there is no entry for extension, even though it has one.
- Timestamp in pe-binary-file needs a trailing Z
- Windows-service-ext example should have service_name, not display_name
- In the x509 example, validity_not_before and validity_not_after are after subject – but that is not the order in the table. No big deal – but examples usually follow the order
in the table.
I suggest we fix these for 2.0.
John
|