Hello all. One thing that has become apparent during the past month of debate - STIX 2.0, no matter what it may end up being - is going to be quite a ways off before ratification as a standard. There are a lot of problems to solve and a lot more debate to be had, and this is going most certainly take time. However, I am growing a bit concerned that, while all this fantastic debate has been going on - we are neglecting many real-world important deficiencies in the STIX 1.X lineage.
I am referring to a number of non-breaking enhancements to STIX that have been discussed back-and-forth on the Oasis and MITRE lists for almost a year.
- The need for a new trust-model based marking standard that either significantly enhances the current TLP mechanisms, or replaces them altogether
- The need for improvements to the Sighting mechanisms (the whole +1 discussion)
- The need for sequence based testing
I would like to propose that - temporarily - the CTI-STIX subcommittee try to focus on solving some of these immediate concerns that are impacting users of STIX today in the hear-and-now. The futures conversations should continue of course - but I am wondering if we should try to come up with a separate track or committee for these two threads of this discussion, so that the 1.X line can keep moving forward?
I just worry a lot that we are suffering from split-brain scenario, and as a result the 1.X line is not moving forward.
Does anyone else feel this way?
-
Jason Keirstead
Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com
Without data, all you are is just another person with an opinion - Unknown