OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cacao message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Playbook Licensing

In contemplation of discussion surrounding playbooks being offered both as commercial products and as freely shared 'formulary', I began to consider the need to protect access to open playbooks while protecting the commercial rights of others. To me the CACAO effort has exceeded the content of previous threat intelligence standards in that it contains not only data to be shared but also importantly, sizable algorithmic content in the form of the Actions workflow and as such may be a candidate for licensing. Any licensing approach presumably would have to address the challenge of extension and branching in both a commercial and non-commercial setting.
A potential approach to licensing initial and subsequent editions of playbooks would perhaps require a field or fields within the planned standard that might also be tied to the playbook version field.  Potential pitfalls of failing to address content control might include the loss of access to open playbooks or the creation of disincentives to sharing, which might have otherwise taken place. As such, the choice between the presence or absence of licensing as a means to accomplish control of rights, it would seem, should be addressed and agreed upon even within the initial offering of the standard.
Without characterizing this topic any further I'd like to raise this item initially for email discussion, welcoming all opinions.
My Thanks,
John Morris

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]