I just want to make sure that everyone understands that the amount of actual work that is required for STIX 1.3 (or however it gets numbered) is minimal (mostly editorial changes to comply with OASIS policies) and therefore the overhead and complexity of yet another subcommittee that would exist only for a relatively brief time (months) is hard to justify IMHO. We also run the risk of bifurcation between 1.3 and 2.0. I think that a single STIX subcommittee would be most appropriate to shepherd both sets of specs. A single STIX subcommittee could make sure 1.3 was in process and then turn its attention to 2.0 without much effort. Finally, I can’t imagine someone being really interested in STIX 1.3 but not being interested in STIX 2.0 and I’d hate to have people feel like they need to choose or participate in a whole boatload of subcommittees, each with their own meetings. From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Joep Gommers
Sent: Thursday, June 18, 2015 3:33 PM
To: Jordan, Bret; Aharon Chernin
Cc: tony@yaanatech.com; mona.magathan@usbank.com; cti@lists.oasis-open.org
Subject: Re: [cti] STIX Subcommittee Nomination I can also see some advantage with regards to focus. Separate work stream with separate cadence, leadership expertise, etc might be helpful. J- The same people may be on both subcommittees. By breaking them up this allows each subcommittee to focus on different things. There are some people that will not care about STIX 1.3 and some that will not care about STIX 2.0 Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." I think a single STIX committee will ensure good communication between the folks working STIX 1.x and STIX 2.x. This may also improve interoperability between the two major releases. SOLTRA | An FS-ISAC & DTCC Company
I am against the idea of creating a single STIX working group. STIX 1.3 and STIX 2.0 are two totally different animals and we do not want to bog one down to work on the other. I could see Aharon and Sean co-Chairing the STIX 1.3 sub committee. I would be good with that. Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." Yaana seconds the proposal Hi All,
I am submitting a proposal to create a STIX subcommittee and nominate Aharon Chernin & Sean Barnum as co-chairs
The STIX subcommittee will maintain and steer the future direction of the Structured Threat Information _expression_ language.
Deliverables: - Create a roadmap for STIX 1.x
- Maintain and enhance STIX 1.x as necessary
- Create a roadmap for STIX 2.x
- Design and create STIX 2.x
- STIX Documentation
-
Regards,
Mona Magathan
Information Security Services
U.S. Bank
(206) 225.7519
U.S. BANCORP made the following annotations
---------------------------------------------------------------------
Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
---------------------------------------------------------------------
-- ________________________________ Anthony Michael Rutkowski EVP, Industry Standards & Regulatory Affairs ________________________________
|