John,
We have received your comments on STIX 2.0 CSDPR01 below. Thanks for your feedback!
The TC maintains a log of all comments received on its work here: https://docs.google.com/spreadsheets/d/1TCNdwL9o4lbblsIlDfeV0mHsBVGMdbFgwp95dhLLfaI/edit#gid=5055878.
Your comments have been added as comments 4-15. When the public review period is over, the TC will consider all comments and note the resolutions in the log.
Again, thank you for your comment and please feel free to send along additional observations.
Sarah Kelley
STIX SC Co-Chair
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
From: <cti-comment@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org>
Date: Monday, March 27, 2017 at 4:28 PM
To: "cti-comment@lists.oasis-open.org" <cti-comment@lists.oasis-open.org>
Subject: [cti-comment] STIX 2.0 CSD01 errata as of March 27
All,
In working through the STIX 2.0 documents, the editors have found the following issues, most of which are minor:
- Part 1:
  - Update section 5.1.2 to correct the data markings description to indicate that they can't have relationships.
- Part 2:
  - Attack pattern example: external_reference should have an external_id property
  - The create time of the malware in the coa example is after the create time of the relationship that refers to it
  - The COA Example has a typo. The Malware SDO at the bottom of the example has a property called `relationship_type` which should actually be `name`
  - 2016-01-201T17:00:00Z in the report example has a 3 digit day
  - The threat-actor example is pretty skimpy and should be expanded
- Part 4:
  - home_dir in unix-account-ext isn't a ref to a directory object, but just a string
  - the x509 extension is named inconsistently: most other extensions are "foo_ext", this one is 'x509-v3-extensions-type'
  - In the x509-certificate properties table, there is no entry for extension, even though it has one.
  - Timestamp in pe-binary-file needs a trailing Z
  - Windows-service-ext example should have service_name, not display_name
  - In the x509 example, validity_not_before and validity_not_after are after subject – but that is not the order in the table. No big deal – but examples usually follow the order in the table.
I suggest we fix these for 2.0.
John
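Three of the example errata listed in the message above can be caught mechanically: a malformed timestamp (3-digit day, missing trailing Z), an object created after the relationship that refers to it, and an attack-pattern external reference with no external_id. The following Python check is an added example, not part of the original thread or of the STIX specification; `parse_ts`, `lint_bundle` and the sample bundle are names and data constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone
TS_RE = re.compile(r"^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}(\.\d+)?Z$")  # UTC, trailing Z
TS_PROPS = ("created", "modified", "published", "first_seen", "last_seen")

def parse_ts(value):
    """Return an aware datetime, or None when value is not a STIX 2.0 timestamp."""
    if not isinstance(value, str) or not TS_RE.match(value):
        return None
    try:
        base = datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    except ValueError:  # right shape but impossible date (month 13, day 32, ...)
        return None
    frac = float("0" + value[19:-1]) if len(value) > 20 else 0.0
    return base.replace(tzinfo=timezone.utc) + timedelta(seconds=frac)

def lint_bundle(bundle):
    """Return (object id, message) findings for the three checks."""
    objects = bundle.get("objects", [])
    by_id = {o["id"]: o for o in objects if "id" in o}
    findings = []
    for obj in objects:
        oid = obj.get("id", "<no id>")
        for prop in TS_PROPS:
            if prop in obj and parse_ts(obj[prop]) is None:
                findings.append((oid, f"{prop} is not a valid timestamp: {obj[prop]!r}"))
        if obj.get("type") == "attack-pattern":  # mirrors the erratum, not a full spec rule
            for i, ref in enumerate(obj.get("external_references", [])):
                if "external_id" not in ref:
                    findings.append((oid, f"external_references[{i}] has no external_id"))
        if obj.get("type") == "relationship":
            rel_created = parse_ts(obj.get("created"))
            for end in ("source_ref", "target_ref"):
                end_created = parse_ts(by_id.get(obj.get(end), {}).get("created"))
                if rel_created and end_created and end_created > rel_created:
                    findings.append((oid, f"{end} {obj[end]} was created after this relationship"))
    return findings

# Constructed sample bundle: ids and values are made up for this example.
U = "00000000-0000-4000-8000-00000000000"
SAMPLE = {"type": "bundle", "objects": [
    {"type": "attack-pattern", "id": f"attack-pattern--{U}1", "created": "2016-05-12T08:17:27.000Z",
     "external_references": [{"source_name": "capec"}]},
    {"type": "course-of-action", "id": f"course-of-action--{U}2", "created": "2016-04-06T20:03:48Z"},
    {"type": "relationship", "id": f"relationship--{U}3", "created": "2016-04-06T20:06:37Z",
     "relationship_type": "mitigates", "source_ref": f"course-of-action--{U}2",
     "target_ref": f"malware--{U}4"},
    {"type": "malware", "id": f"malware--{U}4", "created": "2016-04-06T20:07:09Z", "name": "Example"},
    {"type": "report", "id": f"report--{U}5", "published": "2016-01-201T17:00:00Z"},
]}
```

Calling `lint_bundle(SAMPLE)` returns one finding per erratum; running the same function over the JSON examples extracted from a draft would surface this class of mistake before publication.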