Re: [cti-stix] Modifications to STIX 2.0-wd2

All,

Sorry for the e-mail mixup, Outlook on Mac = A+.

With the recent ballot on the STIX RC passing we’ve all agreed that the foundation of STIX 2.0 is pretty stable. That said, recent discussion on the lists and at the face to face has also made it clear that we probably need to do at least one more committee draft specification prior to taking things any farther. Several breaking changes have been proposed that we should address, and other features might be getting close to done and be seen as high enough value to tackle now.

So, with that, I’d like to kick start another scope discussion. My question is: which of these topics should be considered for STIX 2.0?

1. Confidence, Reliability, and related metrics

2. Malware object expansions / changes

3. Infrastructure object

4. Gary’s relationship fixes

5. Location object / location on objects

6. Comment object / comments

7. Observed data changes (using a pattern rather than instance)

8. Incident object

9. I18n

10. Other topics that I’m missing that you think we should do for 2.0?

My philosophy is essentially get what we have now right and then focus on the next release. Thus, my thought is that the scope is mostly the same as before:

1. Confidence: no

2. Malware: Yes, make sure we get it right, no to adding a bunch of stuff

3. Infrastructure: no

4. Gary’s relationship fixes: yes

5. Location: yes, get it right

6. Comment: no

7. Observed data: discuss and get it right, but do not expand functionality

8. Incident: no

9. i18n: yes (only expansion, because I feel like we’re very close)

I want to caution people to not say “all of them” without thinking very carefully. Remember, this was supposed to be an MVP release that we can build on top of. It’s probably worth keeping the scope similar to what we initially had rather than adding new items unless there’s a lot of value and they can be done and agreed to relatively quickly.

Thanks!

John

cti-stix message