
cti-stix message


Subject: Re: [EXT] Re: [cti-stix] RE: [Non-DoD Source] [cti-stix] Eight Arguments for an Infrastructure SDO for STIX 2.1

Yes, we should do that John-Mark.  Let's walk carefully here.  Let's look at what we have, how things are working (now that we are starting to get running code), and review and make changes where necessary.  If we need to make a change in any part of the spec, because we got something wrong, NOW is the time to do it.  Not 6-12-18-24 months from now.  Given how much is in 2.0 and how few problems we have seen in implementation, I consider that a massive success.  Personally I am not worried or scared about having a few breaking changes in 2.1, we kind of knew that might happen.  And finding them now means that people are trying to implement STIX 2, and that is a brilliant thing. These are good problems to have, because that means people care and are looking at adopting our work.

All in all, I think we know and understand the problem with implementing STIX 2 so much more now. And yes, I am sure we will find more than one thing we need to fix/undo/change.  But that does not mean the whole thing is wrong, not at all.  We got sooooo much right. 

Example: We had a large debate about the ID format of type--uuid, and I can now say for sure that having that makes your code so much easier. Having that hint about the type in the ID really saves you a lot of pain. 


From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of John-Mark Gurney <jmg@newcontext.com>
Sent: Monday, November 13, 2017 5:43:43 PM
To: Katz, Gary CTR DC3\DCCI
Cc: JG on CTI-TC; cti-stix@lists.oasis-open.org
Subject: [EXT] Re: [cti-stix] RE: [Non-DoD Source] [cti-stix] Eight Arguments for an Infrastructure SDO for STIX 2.1

Katz, Gary CTR DC3\DCCI wrote this message on Mon, Nov 13, 2017 at 20:09 +0000:
> Option 3: Make Cyber Observables Top Level Objects

What would this look like?

I'm a bit curious because w/o the time information, you'd just end up
w/ an IP object or a DNS query object, which without context doesn't
seem useful.  Most objects can on their own convey some information w/o
having to resolve references.

Can you at least give me a sample of what a cyber observable as a TLO
would look like?
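
The `type--uuid` identifier format mentioned in the reply above lets a consumer sanity-check objects and their references from the ID string alone, before resolving anything. The sketch below is an added example, not code from the thread or from any STIX library; `REF_POLICY`, the function names and the sample objects are assumptions constructed for illustration.

```python
import re
import uuid

TYPE_RE = re.compile(r"[a-z0-9]+(-[a-z0-9]+)*")  # lowercase, hyphenated type names

# Illustrative policy (assumption): object types a reference property may point at.
REF_POLICY = {"created_by_ref": {"identity"}}

def parse_stix_id(stix_id):
    """Split 'type--uuid' into (type, UUID); raise ValueError if malformed."""
    if not isinstance(stix_id, str):
        raise ValueError("identifier is not a string")
    obj_type, sep, raw = stix_id.partition("--")
    if not sep or not TYPE_RE.fullmatch(obj_type):
        raise ValueError("bad type prefix in %r" % stix_id)
    parsed = uuid.UUID(raw)          # raises ValueError on malformed UUID text
    if str(parsed) != raw:           # reject braces, uppercase, missing hyphens
        raise ValueError("non-canonical UUID in %r" % stix_id)
    return obj_type, parsed

def check_object(obj, policy=REF_POLICY):
    """Return a list of problems found from the IDs alone, with no lookups."""
    problems = []
    try:
        id_type, _ = parse_stix_id(obj.get("id"))
        if id_type != obj.get("type"):
            problems.append("id prefix %r != type %r" % (id_type, obj.get("type")))
    except ValueError as exc:
        problems.append(str(exc))
    for prop, allowed in policy.items():
        if prop not in obj:
            continue
        try:
            ref_type, _ = parse_stix_id(obj[prop])
        except ValueError as exc:
            problems.append("%s: %s" % (prop, exc))
            continue
        if ref_type not in allowed:
            problems.append("%s points at %r, expected %s" % (prop, ref_type, sorted(allowed)))
    return problems

# Constructed sample objects (not taken from the thread).
IDENTITY = "identity--f431f809-377b-45e0-aa1c-6a4751cae5ff"
GOOD = {"type": "indicator", "id": "indicator--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
        "created_by_ref": IDENTITY}
BAD = {"type": "indicator", "id": "malware--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f",
       "created_by_ref": "tool--8e2e2d2b-17d4-4cbf-938f-98ee46b3cd3f"}
```
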


