| Agreed with the raised concerns about IP problems introduced by moving away from the closed-to-non-member contribution process currently at OASIS.
That said, this was exactly why the extension model was introduced into STIX2.1 so facilitate open collaboration/contributions outside of the âstandardâ process so that like-minded vendors/orgâetc could work on new things together that they required on top of the base STIX 2.1 standard. The extension mechanism should and is open-source by its nature. It already supports what Alexandre is suggesting but could be improved in terms of understanding/awareness and activities in that area. Clearly itâs not well-understood in the community that we already have the basis for what Alexandre wants. This was the whole point of what we did with extensions and how to extend the standard WITHOUT having to get involved as a member in OASIS or in the TC per se.
I suggest people consider this before changing the fundamentals of OASIS TC workings. Itâs not required. Just use the extensions mechanisms in GitHub and create an active community around that and you get what Alexandre wants.
Regards
allan On Feb 3, 2023, at 6:12 AM, Jason Keirstead <jason.keirstead@ca.ibm.com> wrote:
It would be good for Chet to weigh in on some of those, because I am not sure it is possible to move the TC process to Git unless it is transitioned entirely from a TC into an OASIS Open Project.
The IP rules around TCs mean that only TC members can participate in the development of the standard, the general public only sees it when calls for comment go out and/or when a work product is published â they donât get to participate in the interim work product
because it would invite submarine patents due to tainted IP. The OASIS OP processes that require a CLA to submit a PR to Github are what protects that.
-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management | www.ibm.com/security Assistant - Mauricio DurÃn Cambronero (mauduran@ibm.com) Co-Chair - Open Cybersecurity Alliance, Project Governing Board www.opencybersecurityalliance.org
From:
cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Alexandre Dulaunoy <alexandre.dulaunoy@x.circl.lu>
Date: Friday, February 3, 2023 at 4:22 AM
To: Bret Jordan <jordan.oasisopen@gmail.com>
Cc: Alexandre Dulaunoy <alexandre.dulaunoy@circl.lu>, Kelly Cullinane <kelly.cullinane@oasis-open.org>, cti <cti@lists.oasis-open.org>, Chet Ensign <chet.ensign@oasis-open.org>
Subject: [EXTERNAL] Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC
Dear Bret,
Thank you for your questions.
To answer your first question, my vision of the TC is to have a more open, asynchronous[1] and contributive environment.
If I have to name three things to be changed, I'm thinking of the following ones:
- Move the processes of the CTI TC into an open source process with a git repository acting as the primary source
- Publish requests for changes, updates or improvements of the standard in the git repository via pull-requests
- Remove the online meeting attendance requirements in order to maintain voting rights
The sub-groups/sub-committees strategy is working quite well but might need some updates to open the contributions from
different organisations using the standards and willing to take part of its improvement.
I really hope the CTI TC is moving forward in a community-driven model bringing values to all vendors and software developers by using
the standard and being able to provide their improvements in a timely manner.
Kind regards
[1] Meaning allowing all participants in different TZ/regions to contribute without having to get up in the middle of the night ;-)
--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
122, rue Adolphe Fischer - L-1521 Luxembourg
info@circl.lu - www.circl.lu - (+352) 247 88444
----- Original Message -----
From: "Bret Jordan" <jordan.oasisopen@gmail.com>
To: "Alexandre Dulaunoy" <alexandre.dulaunoy@circl.lu>
Cc: "Kelly Cullinane" <kelly.cullinane@oasis-open.org>, "cti" <cti@lists.oasis-open.org>, "Chet Ensign" <chet.ensign@oasis-open.org>
Sent: Thursday, 2 February, 2023 21:19:52
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC
Alexandre,
I would like to ask a few questions..
1) What is your vision and plan for the CTI TC?
2) What are the top three things that should be changed?
3) What are the things that are going well that you would like to see
continue?
4) In your view, what does the CTI TC look like in 3-5 years?
Bret
On Wed, Feb 1, 2023 at 3:50 AM Alexandre Dulaunoy <
alexandre.dulaunoy@x.circl.lu> wrote:
> Dear TC members, Dear Kelly,
>
> Thank you for your invitation.
>
> I would like to express my interest in becoming a Co-Chair candidate for
> the Cyber Threat Intelligence (CTI) TC.
>
> I have been leading the CIRCL (Computer Incident Response Center
> Luxembourg) team for the past 13 years
> and I'm additionally co-leading multiple open source projects/communities
> such as MISP and the MISP standard.
>
> What I could bring to the table as TC co-chair, would be my experience in
> both standard development as well
> as its application in real world scenarios and tooling.
>
> Cheers
>
> --
> Alexandre Dulaunoy
> CIRCL - Computer Incident Response Center Luxembourg
> 122, rue Adolphe Fischer - L-1521 Luxembourg
> info@circl.lu - www.circl.lu - (+352) 247 88444
>
> ----- Original Message -----
> From: "Kelly Cullinane" <kelly.cullinane@oasis-open.org>
> To: "cti" <cti@lists.oasis-open.org>
> Cc: "Chet Ensign" <chet.ensign@oasis-open.org>
> Sent: Wednesday, 1 February, 2023 01:00:00
> Subject: [cti] Inviting nominations for Chair of Cyber Threat Intelligence
> (CTI) TC
>
> To all members of the Cyber Threat Intelligence (CTI) TC:
>
>
> Due to the recent vacancy of both Co-Chair positions, the CTI TC is calling
> for nominations for new Chair/Co-Chairs. If you are interested in serving
> as a Chair or in nominating another individual for the position of Chair,
> you are welcome to make that candidacy known by posting a note to the TC's
> e-mail list expressing your interest and/or intent along with a brief
> statement of your or their qualifications.
>
>
> The call for nominations will be open for 7 days and close at 11:59pm UTC
> on 07 February 2023. The TC Administrator will then open a ballot for all
> eligible members to vote. Please be aware that only TC members with voting
> rights will be eligible to vote for the chair/co-chairs.
>
>
> Thank you,
> Kelly Cullinane
>
>
> --
>
> Kelly Cullinane
>
> Technical Community Program Steward
>
> OASIS Open
>
> +1-903-241-6063
> *kelly.cullinane@oasis-open.org <kelly.cullinane@oasis-open.org>*
> www.oasis-open.org
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
|