[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] STIX Subcommittee Nomination
|
Trey,
CybOX is intentionally designed to express “just the facts” without specific contextual meaning in order to serve multiple domain-specific purposes without bias.
STIX is not the only “user” of CybOX.
It is also used by MAEC within a malware characterization context and by DFAX within a digital forensics analysis perspective. And by a couple other less active thought exercises on things like SCRM or a common representation for sensor output.
The point being that it would not really be feasible or desirable to try to absorb CybOX into STIX as it would break the flexible structure of the standards ecosystem we are working to develop and promulgate.
I would strongly advise that STIX and CybOX remain independent but related efforts with their own SCs.
Does that make sense?
sean
From: Trey Darley <trey@soltra.com>
Date: Thursday, June 18, 2015 at 3:35 PM To: "mona.magathan@usbank.com" <mona.magathan@usbank.com> Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Subject: Re: [cti] STIX Subcommittee Nomination Hi, y'all - I was hoping to avoid weighing into the subcommittee discussion until Friday as it's already rather late in Berlin but here goes... I move to create two technical subcommittees: representation and transport. I would like to see CybOX merged into STIX. To me it makes absolutely no sense maintaining them as separate standards. If we begin with separate STIX and CybOX committees, the raison d'etre of the CybOX committee is likely to become the maintenance of its own existence, human politics being what it is. (Pun intended.) We can always decide to keep STIX and CybOX separate and spin up dedicated subcommittees but I would like to see us start with one single representation subcommittee tasked with deciding whether merging the two taxonomies into one makes sense. Cheers, On Jun 18, 2015 9:09 PM,
mona.magathan@usbank.com wrote:
Hi All,
I am submitting a proposal to create a STIX subcommittee and nominate Aharon Chernin & Sean Barnum as co-chairs The STIX subcommittee will maintain and steer the future direction of the Structured Threat Information _expression_ language. Deliverables:
Mona Magathan Information Security Services U.S. Bank (206) 225.7519 U.S. BANCORP made the following annotations --------------------------------------------------------------------- Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation. --------------------------------------------------------------------- |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]