OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] Things that are difficult in STIX

Great writeup Terry.

Reading through your list it looks to me like:
  • 17 (1, 2, 3 (partial), 5, 7, 8, 9 (partial), 10, 11, 13, 17, 18, 21, 22, 23, 24, 25 (partial)) of these items are covered within the current STIX 2.0 Top10 Roadmap of issues, 
  • 3 (4, 16, 19) of these items are currently identified Tier1 issues that are not in the Top10 roadmap but should come up soon after the Top10 are done, 
  • 4 (6, 12, 15, 20) of these items are new items to add to the issue tracker
  • And 1 (14) item I am unsure exactly how it fits in ;-)
So, if we as an SC can stay focused and collaboratively work our way through the current Top10 Roadmap it looks like we will have addressed the large majority (~70% or actually ~80% if you consider that 6, 12, 15 and 20 are asking for new capabilities rather than simplification of existing capability) of the issues you see as significant complexities in current STIX. 
That seems like it will be a pretty huge win. 
I would suspect that the next 10 issues beyond the current Top10 roadmap would reduce the remaining 20-30% of “simplification” issues significantly again.

I suspect I will have specific questions, issues and comments on particular items here or their proposed solutions as we move through the issues but overall I am heartened that it looks like we are on the right track with our current roadmap and I am happy to work through it 1-2 issues at a time.

Once again, thank you for making the effort to pull this together.


From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of Terry MacDonald <terry@soltra.com>
Date: Tuesday, November 17, 2015 at 8:47 PM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] Things that are difficult in STIX

Hi All,


We’ve spent a bit of time over the last 2 weeks thinking about where STIX could be improved. We’ve gone through the various discussion points that people have raised on and off list, and through the various experiences that we’ve had ourselves in using STIX.  The attached document is the result of that work. In it we list 25 topics that we believe could be improved in some way (or at least should be discussed).


Our hope is that the document will help prompt discourse, and move us towards consensus so that we can agree some of the cross-cutting major issues that Sean mentioned in his STIX v2.0 Roadmap wiki page. We plan to add these items to the STIX issue tracker, and to the STIX v2.0 Roadmap wiki page, so that they are accurately tracked and followed.


Please feel free to provide feedback on this document – positive or not – as the end goal is making something that was better than before. We have thick skins J.


Also - thank you to all who provided items for inclusion in the list. I haven’t named people as I wasn’t sure if they wanted their names public. But please accept my thanks for your input.




Terry MacDonald

Senior STIX Subject Matter Expert

SOLTRA | An FS-ISAC and DTCC Company

+61 (407) 203 206 | terry@soltra.com



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]