OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] STIX timestamps and ISO 8601:2000

On 23.11.2015 20:02:12, Barnum, Sean D. wrote:
> Any changes we propose to the standard MUST be traceable back to a
> captured issue.

Fully agree, I'm absolutely in favor of transparency and traceability.

> This is a fundamental property of what formal standards means and is
> true for CybOX and TAXII as well.
> We can’t just throw a bunch of stuff together and call it the new
> version without explicitly showing what was changed and why with
> traceability and transparency of the chain that got us there.

My point is two-fold.

One, the timestamp issue cuts across all three standards but we don't
currently have an issue tracker for CTI-wide issues. We *could* create
an issue for the timestamp issue on all three issue trackers and put a
comment on the TAXII/CybOX issues directing everyone to comment on the
corresponding STIX tracker. But just look at how often people post
'Unsubscribe' emails to the list and you'll find clear evidence that a
lot of folks just can't be bothered to read. So with that model, we'll
wind up with *three* different threads to follow and somehow
reconcile. If we stick with the Github issue tracker model, then we
MUST create a place to capture feedback around questions that cut
across multiple standards.

Two, we're having trouble reaching consensus. Consider how the last
STIX SC call went sideways when it emerged that the STIX co-chairs
*thought* there was consensus on the Sightings object when in fact
there was not. I'm *not* saying we don't use the issue trackers to
ensure traceability. I *am* saying that the issue trackers alone are
proving inadequate mechanisms in driving discussions toward clear
consensus. We need some other mechanism to drive consensus and I don't
think putting the timestamp question to a TC-wide vote is the answer.

Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
"It is more complicated than you think." --RFC 1925

Attachment: signature.asc
Description: PGP signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]