OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: MTI Evaluation Criteria

Hi STIX Subcommittee Members:

I've been reading with great interest the ongoing debate about establishing a Mandatory To Implement (MTI) binding for moving us forward on STIX 2.0.

Before Sean suggested that we table it for a while he had made the point that we need to take 4 keys steps to move discussions forward in a systematic way. I'll paraphrase here. 

We need to establish:

1)  Requirements and evaluation criteria for selecting an MTI binding;

2) Binding options (capabilities & limitations);

3) A review process to determine how each option would/could meet our evaluation criteria; and

4) A way to guage the priorities and preferences of our members.

To advance this agenda I have begun to put together a matrix (see attached) to capture the following:

HORIZONTAL AXIS: Evaluation criteria gleaned from the substantive discussions. [Item 1, above]

VERTICAL AXIS: Technology stack as characterized by Sean, Cory, Shawn and others. [Refinement to Item 1, above]

MATRIX CELLS: Candidate technologies that I have heard mentioned by members of the TC and other interested parties. [Item 2, above]

Note that this is just a first cut. I'm offering it here as a potential framework (straw man) for advancing these discussions in a manner that will help us reach a concensus sooner, rather than later. I challenge those of you with an interest in this matter to edit this matrix liberally to help make it really reflect group think. Perhaps it should be added to the wiki for that; which might address Item 3, above.

Note that I also acknowledge that any MTI selected for STIX must also accommodate the needs of CybOX. A similar sort of matrix could be constructed for that MTI selection process, if needed.

To address Item 4 I'd like to suggest a Survey Monkey survey that captures some of the ideas that get flushed out in the matrix and gives us a quantitative guage of member preferences.

All for now,

Jane Ginn, MSIA, MRP
Cyber Threat Intelligence Network, Inc.
jg@ctin.us

Attachment: STIX_MTI_EvalCriteria1.xlsx
Description: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]