|I think the amount of work for 1.3 and its maintenance will be a lot bigger and take lot more time then we realize. Given the cadence of this group in the past and all of the dynamic personalities that exist, I can see the initial work for STIX 1.3 taking at least 2 months to complete. And then we have all of the approvals and public comments. So say we can get STIX 1.3 is out the door by October / November, then that group will also have maintenance and tweaking and such to do for several years to come. Or at least until STIX 2.0 is done and everyone is given plenty of time to migrate (say 6-12 month migration). And in fact some groups and users may use STIX 1.x for many years to come. |
STIX 2.0 represents a lot of major changes that need to happen to support all of the things we have been working on and talking about for well over 12 months. I can see STIX 2.0 taking, with this group and its dynamics, 18-24 months to complete, then you have the approvals and then system migrations.
If it was purely up to me, I would have STIX 1.3 done by end of month and I would have STIX 2.0 done by end of year, but alas, it is not.
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I just want to make sure that everyone understands that the amount of actual work that is required for STIX 1.3 (or however it gets numbered) is minimal (mostly editorial changes to comply with OASIS policies) and therefore the overhead and complexity of yet another subcommittee that would exist only for a relatively brief time (months) is hard to justify IMHO. We also run the risk of bifurcation between 1.3 and 2.0. I think that a single STIX subcommittee would be most appropriate to shepherd both sets of specs. A single STIX subcommittee could make sure 1.3 was in process and then turn its attention to 2.0 without much effort.
Finally, I can’t imagine someone being really interested in STIX 1.3 but not being interested in STIX 2.0 and I’d hate to have people feel like they need to choose or participate in a whole boatload of subcommittees, each with their own meetings.
I can also see some advantage with regards to focus. Separate work stream with separate cadence, leadership expertise, etc might be helpful. J- The same people may be on both subcommittees. By breaking them up this allows each subcommittee to focus on different things. There are some people that will not care about STIX 1.3 and some that will not care about STIX 2.0 Director of Security Architecture and Standards | Office of the CTO PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I think a single STIX committee will ensure good communication between the folks working STIX 1.x and STIX 2.x. This may also improve interoperability between the two major releases. SOLTRA | An FS-ISAC & DTCC Company I am against the idea of creating a single STIX working group. STIX 1.3 and STIX 2.0 are two totally different animals and we do not want to bog one down to work on the other. I could see Aharon and Sean co-Chairing the STIX 1.3 sub committee. I would be good with that. Director of Security Architecture and Standards | Office of the CTO PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
Yaana seconds the proposal
I am submitting a proposal to create a STIX subcommittee and nominate Aharon Chernin & Sean Barnum as co-chairs
The STIX subcommittee will maintain and steer the future direction of the Structured Threat Information _expression_ language.
- Create a roadmap for STIX 1.x
- Maintain and enhance STIX 1.x as necessary
- Create a roadmap for STIX 2.x
- Design and create STIX 2.x
- STIX Documentation
Information Security Services
U.S. BANCORP made the following annotations
Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.
________________________________ Anthony Michael Rutkowski EVP, Industry Standards & Regulatory Affairs ________________________________