[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Things that are difficult in STIX
Just want to share the first mapping I did quickly for OMG/STIX effort. This highlights (if you can understand it) the things that are missing or weak for now in STIX (imho). 2015-11-18 23:27 GMT+03:00 Barnum, Sean D. <sbarnum@mitre.org>: > Great writeup Terry. > > Reading through your list it looks to me like: > > 17 (1, 2, 3 (partial), 5, 7, 8, 9 (partial), 10, 11, 13, 17, 18, 21, 22, 23, > 24, 25 (partial)) of these items are covered within the current STIX 2.0 > Top10 Roadmap of issues, > 3 (4, 16, 19) of these items are currently identified Tier1 issues that are > not in the Top10 roadmap but should come up soon after the Top10 are done, > 4 (6, 12, 15, 20) of these items are new items to add to the issue tracker > And 1 (14) item I am unsure exactly how it fits in ;-) > > So, if we as an SC can stay focused and collaboratively work our way through > the current Top10 Roadmap it looks like we will have addressed the large > majority (~70% or actually ~80% if you consider that 6, 12, 15 and 20 are > asking for new capabilities rather than simplification of existing > capability) of the issues you see as significant complexities in current > STIX. > That seems like it will be a pretty huge win. > I would suspect that the next 10 issues beyond the current Top10 roadmap > would reduce the remaining 20-30% of “simplification” issues significantly > again. > > I suspect I will have specific questions, issues and comments on particular > items here or their proposed solutions as we move through the issues but > overall I am heartened that it looks like we are on the right track with our > current roadmap and I am happy to work through it 1-2 issues at a time. > > Once again, thank you for making the effort to pull this together. > > sean > > > From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on > behalf of Terry MacDonald <terry@soltra.com> > Date: Tuesday, November 17, 2015 at 8:47 PM > To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> > Subject: [cti-stix] Things that are difficult in STIX > > Hi All, > > > > We’ve spent a bit of time over the last 2 weeks thinking about where STIX > could be improved. We’ve gone through the various discussion points that > people have raised on and off list, and through the various experiences that > we’ve had ourselves in using STIX. The attached document is the result of > that work. In it we list 25 topics that we believe could be improved in some > way (or at least should be discussed). > > > > Our hope is that the document will help prompt discourse, and move us > towards consensus so that we can agree some of the cross-cutting major > issues that Sean mentioned in his STIX v2.0 Roadmap wiki page. We plan to > add these items to the STIX issue tracker, and to the STIX v2.0 Roadmap wiki > page, so that they are accurately tracked and followed. > > > > Please feel free to provide feedback on this document – positive or not – as > the end goal is making something that was better than before. We have thick > skins J. > > > > Also - thank you to all who provided items for inclusion in the list. I > haven’t named people as I wasn’t sure if they wanted their names public. But > please accept my thanks for your input. > > > > Cheers > > > > Terry MacDonald > > Senior STIX Subject Matter Expert > > SOLTRA | An FS-ISAC and DTCC Company > > +61 (407) 203 206 | terry@soltra.com > > > >
Attachment:
OMG_Risk_STIX_Mapping.xlsx
Description: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]