OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti-stix] Modifications to STIX 2.0-wd2


My hope is that we can stick with a time based approach.  But I also believe in shipping features once they are done.  So if it takes us a month or so to fix some of these breaking changes that were brought up at the face 2 face, then what else can get done and included at the same time.  

Bret 

Sent from my Commodore 64

On Sep 18, 2016, at 8:32 AM, Allan Thomson <athomson@lookingglasscyber.com> wrote:

John/chair(s) – it seems that we are moving away from time-based criteria (i.e. get the spec done by date X) to value-based criteria (include feature Y because of Z) for next steps on 2.0.

 

If this is the guidance that the chairs are giving, then I’m fine with that.

 

However, if that is the change then should the value-based criteria not be more thorough/pragmatic where requirements and use cases are reviewed/agreed by the community more broadly?

 

Also, if we decide to do this approach then are dates no longer important? It seems like we are flip-flopping on goal of getting a MVP standard done asap to one that includes more features.

 

Suggest we discuss on the TC call on Tuesday if possible.

 

Allan

 

p.s. I agree with some of the list you have provided as valuable but was assuming that STIX 2.1 was the place for those.

 

 

From: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> on behalf of "Wunder, John" <jwunder@mitre.org>
Date: Friday, September 16, 2016 at 9:30 AM
To: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Subject: Re: [cti-stix] Modifications to STIX 2.0-wd2

 

All,

 

Sorry for the e-mail mixup, Outlook on Mac = A+.

 

With the recent ballot on the STIX RC passing we’ve all agreed that the foundation of STIX 2.0 is pretty stable. That said, recent discussion on the lists and at the face to face has also made it clear that we probably need to do at least one more committee draft specification prior to taking things any farther. Several breaking changes have been proposed that we should address, and other features might be getting close to done and be seen as high enough value to tackle now.

 

So, with that, I’d like to kick start another scope discussion. My question is: which of these topics should be considered for STIX 2.0?

 

1.      Confidence, Reliability, and related metrics

2.      Malware object expansions / changes

3.      Infrastructure object

4.      Gary’s relationship fixes

5.      Location object / location on objects

6.      Comment object / comments

7.      Observed data changes (using a pattern rather than instance)

8.      Incident object

9.      I18n

10.  Other topics that I’m missing that you think we should do for 2.0?

  

My philosophy is essentially get what we have now right and then focus on the next release. Thus, my thought is that the scope is mostly the same as before:

 

1.      Confidence: no

2.      Malware: Yes, make sure we get it right, no to adding a bunch of stuff

3.      Infrastructure: no

4.      Gary’s relationship fixes: yes

5.      Location: yes, get it right

6.      Comment: no

7.      Observed data: discuss and get it right, but do not expand functionality

8.      Incident: no

9.      i18n: yes (only expansion, because I feel like we’re very close)

 

I want to caution people to not say “all of them” without thinking very carefully. Remember, this was supposed to be an MVP release that we can build on top of. It’s probably worth keeping the scope similar to what we initially had rather than adding new items unless there’s a lot of value and they can be done and agreed to relatively quickly.

 

Thanks!

John



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]