[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: CTI/Council interaction on Infrastructure SDO’s
Duncan/Carol & All: My take on this debate is that it would be premature for the Council to take up an issue like this. I think Duncan keyed off of my statement in an earlier email about a tie vote from a Straw Man poll we took at the F2F on the Infrastructure SDO. That poll was non-binding and unofficial and not necessarily indicative of the view of the entire TC membership. We would need to do a Ballot to gauge that; and I think it would be premature for a Ballot on this topic as well. As Sarah Kelley noted in her briefing on the status of the STIX 2.1 data objects during our full TC calls yesterday, we have not even had 1 of 3 focused, time-boxed calls within the TC on the potential for an Infrastructure SDO for 2.1. We should take those steps next. It has been my observation that the CTI TC is actually quite effective at working through a process of reasoned debate to come to some agreement on a path forward. I see this proposed SDO as no different from any of the others that we've already worked through. There does seem to be some conflation of the idea of an Infrastructure SDO with a re-examination of the structure of the Observed Data SDO/STIX Cyber Observables (SCOs) relative to the other SDOs. But, I believe, the debate that has commenced on this topic is quite healthy. It is helping people to separate their thinking about STIX 2.x as an interchange graph-based model from the idea of a database that would be used as part of a product implementation. Once we all align our thinking on this matter, I think the separation of these two topics (i.e., 1. adding an Infrastructure SDO to 2.1 and 2. elevating SCOs to top-level citizens) will be made. Then, the path forward to an Infrastructure SDO for 2.1 will be easier to see as a Crawl, Walk, Run approach. I think we need to separate these issues. An Infrastructure SDO solves an immediate implementation problem. The structure of SCOs within the STIX 2.x graph model is a systemic issue that should be debated solely on its own merits. My 2 cents. Jane Ginn On 11/17/2017 9:22 AM, Trey Darley wrote: > On 16.11.2017 08:25:41, Carol Geyer wrote: >> Perhaps the way for the Council to approach it would be to say >> something like "we need whatever solution y'all come up with to meet >> the following objectives (or solve the following problems or...)" >> rather than getting into something that sounds like "well, we vote >> for that technical solution." In other words, have the Council >> address the parameters of the problem rather than get into the >> debates about how to solve it. >> > All - > > There's broad consensus within the CTI TC that we *need* an > Infrastructure SDO in STIX. There's just a lot of work ahead of us to > define the object's properties and relationships. Unless the Council > are able to do that work for us, it's unclear to me how their input > will help accelerate our velocity. > -- Jane Ginn, MSIA, MRP CTI TC Secretary, OASIS Co-Founder of Cyber Threat Intelligence Network, Inc. jg@ctin.us --------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]