Re: [cti-stix] STIX timestamps and ISO 8601:2000

["Barnum, Sean D." <sbarnum@mitre.org>]

Sorry Trey but this is not the case.

Any changes we propose to the standard MUST be traceable back to a captured issue.
This is a fundamental property of what formal standards means and is true for CybOX and TAXII as well.

We can’t just throw a bunch of stuff together and call it the new version without explicitly showing what was changed and why with traceability and transparency of the chain that got us there.

sean



On 11/23/15, 5:49 AM, "Trey Darley" <trey@soltra.com> wrote:

>On 20.11.2015 21:01:18, Barnum, Sean D. wrote:
>> If we are going to revisit this, we will need to make sure that we
>> have the appropriate voices (incident response, threat analysts,
>> etc.) involved in the conversation. They are the ones with a clear
>> understanding of the diverse “real-world” timestamp issues for
>> threat intel.
>> 
>> I would suggest adding this as an issue in the tracker.
>> 
>
>Naw, we don't need to add this as an issue to the tracker. We can take
>a decision and just move on.
>
>Proposed: STIX 2.0 / CybOX 3.0 timestamps MUST be in ISO 8601 format,
>MUST be specified in UTC, and MUST include nanosecond precision. (If
>the underlying tools don't support this level of granularity, then
>implementers can append zeros.)
>
>A la: `date "+%Y-%m-%dT%H:%M:%S.%N%:z"`
>
>Simple. Done. Next topic?
>
>-- 
>Cheers,
>Trey
>--
>Trey Darley
>Senior Security Engineer
>4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
>Soltra | An FS-ISAC & DTCC Company
>www.soltra.com
>--