OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] STIX Subcommittee Nomination


Hi Jerome,

I believe the CTI TC is the 'one ring to rule them all' (sorry watching Lord on the Rings right now on TV). I guess that's the mgmt committee you're referring to?

Cheers

Terry MacDonald | STIX, TAXII, CybOX Consultant




Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

On 19 June 2015 at 19:38, Jerome Athias <athiasjerome@gmail.com> wrote:
while we'll probably come with multiple (sub) -Technical- Committees, I wonder if we should have a "Management Committee" on top of them?
But maybe that's what is currently called TC in OASIS and why we have Subcommittees... (@Chet ?)

(Sorry if it is just semantic...)

Best regards


2015-06-19 6:53 GMT+03:00 Jordan, Bret <bret.jordan@bluecoat.com>:
After talking to several people I will withdraw my request to have version specific sub-committees.  


Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Jun 18, 2015, at 19:57, Terry MacDonald <terry.macdonald@threatloop.com> wrote:

Hi All,

I prefer the original sub-committee plan of separation into TAXII, STIX and CybOX sub-committees. In my opinion,  the use of three sub-committees, each overseeing each individual standard continues the structure that has proven so effective over the last few years. Some people only care about STIX, others about TAXII, and having that separation means people only need to see discussions if they care about that particular standard. If they don't, then they can only participate in the sub-committees they care about. 

I would be worried about splicing the subcommittees into version specific sub-sub-committees. I personally think that would dilute the discussions, and there would be the possibility of information being seen by the STIX v1.3 sub-sub-committee that would be potentially be missed by the STIX v2.0 sub-sub-committee. I'm doubtful this would work.

In any case, the formation of the 2 sub-committees is already defined in our CTI TC Charter. From what I have read, changing this would result in us rechartering the TC (https://www.oasis-open.org/policies-guidelines/tc-process#rechartering), which is not something any of us want to see at this early stage.  

Cheers

Terry MacDonald | STIX, TAXII, CybOX Consultant




Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

On 19 June 2015 at 10:09, Patrick Maroney <Pmaroney@specere.org> wrote:
STIX/CybOX/TAXII Veterans:   One good thing, folks:

 We now have the formal processes to end the discourse, after we've reasonably considered all views, cast our votes to establish overall community consensus, and then move on to the next set of challenges.   I'm sure I'll "lose" more than I "win", but look forward to engaging with all of you, especially those who bring a diverse set of perspectives and knowledge to what we can now globally refer to as "our thing".

Patrick Maroney
Office:  (856)983-0001
Cell::     (609)841-5104

From: <cti@lists.oasis-open.org> on behalf of Peter Allor <pallor@us.ibm.com>
Date: Thursday, June 18, 2015 at 7:46 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>

Subject: RE: [cti] STIX Subcommittee Nomination

Agreed.

Note trimming addressee's.

<graycol.gif>"Bush, Jonathan" ---06/18/2015 05:46:42 PM---That I think makes more sense. From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On B


From: "Bush, Jonathan" <jbush@dtcc.com>
To: "'Barnum, Sean D.'" <sbarnum@mitre.org>, Joep Gommers <joep@intelworks.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "Aharon Chernin" <achernin@soltra.com>
Cc: "tony@yaanatech.com" <tony@yaanatech.com>, "mona.magathan@usbank.com" <mona.magathan@usbank.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 06/18/2015 05:46 PM
Subject: RE: [cti] STIX Subcommittee Nomination
Sent by: <cti@lists.oasis-open.org>





That I think makes more sense.
 
From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Barnum, Sean D.
Sent:
 Thursday, June 18, 2015 3:43 PM
To:
 Joep Gommers; Jordan, Bret; Aharon Chernin
Cc:
 tony@yaanatech.com; mona.magathan@usbank.com; cti@lists.oasis-open.org
Subject:
 Re: [cti] STIX Subcommittee Nomination
 
So, the typical way of doing this would be to have a single STIX SC with multiple work product efforts (e.g. STIX 1.x & STIX 2.0) underway with different editors and contributors.
This provides the coordination and communication Aharon describes as well as the separate focus that Bret, et al, describe.
This is true of almost all SDOs and I think still meets the objectives you are all conveying here.
 
sean
 
From: Joep Gommers <joep@intelworks.com>
Date:
Thursday, June 18, 2015 at 3:33 PM
To:
"Jordan, Bret" <bret.jordan@bluecoat.com>, Aharon Chernin <achernin@soltra.com>
Cc:
"tony@yaanatech.com" <tony@yaanatech.com>, "mona.magathan@usbank.com" <mona.magathan@usbank.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject:
Re: [cti] STIX Subcommittee Nomination
 
I can also see some advantage with regards to focus. Separate work stream with separate cadence, leadership expertise, etc might be helpful. J-
 
From: "Jordan, Bret" <bret.jordan@bluecoat.com>
Date:
Thursday, June 18, 2015 at 9:26 PM
To:
Aharon Chernin <achernin@soltra.com>
Cc:
"tony@yaanatech.com" <tony@yaanatech.com>, "mona.magathan@usbank.com" <mona.magathan@usbank.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject:
Re: [cti] STIX Subcommittee Nomination
 
The same people may be on both subcommittees.  By breaking them up this allows each subcommittee to focus on different things.  There are some people that will not care about STIX 1.3 and some that will not care about STIX 2.0
 
Thanks,
 
Bret
 
 
 
Bret Jordan CISSP 
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
 
    On Jun 18, 2015, at 13:23, Aharon Chernin <achernin@soltra.com> wrote:
     
    I think a single STIX committee will ensure good communication between the folks working STIX 1.x and STIX 2.x. This may also improve interoperability between the two major releases.
     
    Aharon Chernin
    CTO

    SOLTRA | An FS-ISAC & DTCC Company
    18301 Bermuda green Dr
    Tampa, fl 33647
    813.470.2173 | achernin@soltra.com
    www.soltra.com

    From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
    Sent:
     Thursday, June 18, 2015 3:20 PM
    To:
     tony@yaanatech.com
    Cc:
     mona.magathan@usbank.com; cti@lists.oasis-open.org
    Subject:
     Re: [cti] STIX Subcommittee Nomination 
     
    I am against the idea of creating a single STIX working group.  STIX 1.3 and STIX 2.0 are two totally different animals and we do not want to bog one down to work on the other.    
     
    I could see Aharon and Sean co-Chairing the STIX 1.3 sub committee.  I would be good with that.  
     
    Thanks,
     
    Bret
     
     
     
    Bret Jordan CISSP 
    Director of Security Architecture and Standards | Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
     
      On Jun 18, 2015, at 13:10, Tony Rutkowski <tony@yaanatech.com> wrote:
       
      Yaana seconds the proposal
      On 2015-06-18 3:08 PM, mona.magathan@usbank.com wrote:
        Hi All,

        I am submitting a proposal to create a STIX subcommittee and nominate Aharon Chernin & Sean Barnum as co-chairs

        The STIX subcommittee will maintain and steer the future direction of the Structured Threat Information _expression_ language.


        Deliverables:
        • Create a roadmap for STIX 1.x
        • Maintain and enhance STIX 1.x as necessary
        • Create a roadmap for STIX 2.x
        • Design and create STIX 2.x
        • STIX Documentation
        •  
        Regards,

        Mona Magathan

        Information Security Services
         
        U.S. Bank
        (206) 225.7519

        U.S. BANCORP made the following annotations
        ---------------------------------------------------------------------

        Electronic Privacy Notice. This e-mail, and any attachments, contains information that is, or may be, covered by electronic communications privacy laws, and is also confidential and proprietary in nature. If you are not the intended recipient, please be advised that you are legally prohibited from retaining, using, copying, distributing, or otherwise disclosing this information in any manner. Instead, please reply to the sender that you have received this communication in error, and then immediately delete it. Thank you in advance for your cooperation.


        ---------------------------------------------------------------------
       
      --
      ________________________________
      Anthony Michael Rutkowski
      EVP, Industry Standards & Regulatory Affairs
      tony@yaanatech.com
      +1 703 999 8270
      ________________________________
      Yaana Technologies LLC
       
      542 Gibraltar Drive
      Milpitas CA 95035 USA
 


DTCC DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error, please notify us immediately and delete the email and any attachments from your system. The recipient should check this email and any attachments for the presence of viruses.  The company accepts no liability for any damage caused by any virus transmitted by this email.





---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]