OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] STIX 2.1 discussion

Hi All –

 

Here’s my input on work items for the group. Given that several items are not specific to the STIX 2.0 spec I’m not mapping to specific versions of STIX 2.x.

 

1)       Interop test specification for STIX 2.0

a.       Describe use cases and map what specific tests define interoperable by object/capability in STIX 2.0

b.       Write tests and compliance expectations

c.       Map out how orgs can self-certify

2)       Non-TAXII transport of STIX

a.       pxGrid support of STIX 2.0 content

3)       STIX Domain Objects (in no order of preference)

a.       Further Malware context/content

b.       Manifest/Bundle org capability

c.       Internationalization

 

Regards

 

allan

 

From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of "Jordan, Bret" <bret.jordan@bluecoat.com>
Date: Friday, August 19, 2016 at 9:11 AM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: [cti-stix] STIX 2.1 discussion

 

Even though STIX 2.0 is just leaving the house, I would like to start work on STIX 2.1...  Here are some of the things I would like to see us do.  Please comment on or add your suggestions....

 

My Primary Goals for 2.1

1) Flesh out the Malware object

2) Add the Incident object 

3) Add the Infrastructure object  

4) Solve the problem of not being able to track when a victim was being targeted.

5) Flesh out Course of Action and add support for OpenC2

 

Stretch Goals 2.1

1) Figure out Confidence 

2) Figure out a solution for Digital Signatures

 

My Primary Goals for 2.2

1) Confidence

2) Digital Signatures

3) Internationalization 

 

 

I would also like to propose that we plan to have this done by end of January 2017.  That gives us 5 months - 1 month for holiday time off = 4 months of development work.  

 

If we could have this discussion wrapped up before the end of August, and have the roadmap in place for 2.1 and 2.2 that would be great. 

 

Thanks,

 

Bret

 

 

 

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]