Subject: RE: [cti-stix] Discussions on the cti-stix list
All (cross posting from cti-stix),
From my perspective, Aharon and Sean hit the nail on the head with this one. With transition to a formal standards body comes some additional process but I believe that is more than outweighed by the tremendous benefits conferred by OASIS. In addition, I think that everything Aharon and Sean said in the context of STIX applies equally to the TAXII and CybOX efforts as well.
Thanks for all of the great work so far and let’s keep the momentum going!
From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Sean Barnum
Fellow CTI STIX SC members,
We are excited to see the amount of traffic and discussion on the list and look forward to the opportunity to provide substantive contributions ourselves.
While we strongly encourage open and active discussion among the SC community, some of the wording used in recent threads leads us to believe that a clarification/reminder may be in order to ensure that we are all on the same page.
Discussions like those currently occurring on topics that will affect a future version of STIX are useful and encouraged but, to be clear, they are informal rather than formal in nature. Nothing here is yet being decided or finished or finalized.
We are now operating under the formal governance of a standards development organization and as such we must follow the prescribed processes that make such organizations valuable.
While discussions on any topic can occur at any time, the formal process for evolving such topics into the standards roughly will be:
· Identify issues/topics for consideration and capture them in the official issue tracker. At this time, the official issue tracker for the STIX language is located here: https://github.com/STIXProject/schemas/issues
· Comment on the issues in the tracker with any appropriate ideas, refinements, concurrences, objections, etc. We would encourage that many of the recent thoughts on the list be captured in the appropriate tracker issues, making sure to create separate issues for each separate topic. The content in the trackers (rather than simple email traffic) will form the formal basis of input for any work products.
· Initiate a new work product with defined scope and assigned editor(s) (e.g. in this case, STIX 2.0 spec)
· Under the coordination of the work product editor(s) and the SC co-chairs, collaboratively discuss and decide on which tracker issues will fall within the scope of the work product
· Iteratively discuss/evolve each in-scope tracker issue until consensus is reached on a proposed solution. Leverage formal voting only where necessary due to lack of clear consensus.
· Formally model and specify all in-scope proposed solutions as part of the draft work product
· As a community, review, discuss and iterate on work product until final consensus is reached.
· Vote on official acceptance of the work product at the SC or TC level as appropriate.
Our current priority is to complete work on the STIX 1.2.1 work product before officially initiating the STIX 2.0 work product.
This does not mean we cannot talk about STIX 2.0 issues, only that it will be informal until we complete STIX 1.2.1.
While we all desire to evolve STIX and address known issues as quickly as we can, as a formal standard we must ensure our priorities are always in order:
1. Ensuring capability, integrity and stability of the STIX standard to serve its intended purpose
2. Ensuring the practicality of use and acceptability of change among the intended user base for the STIX standard
3. Following OASIS formal governance processes
4. Progress as rapidly as is appropriate given #1, #2 and #3 above
Hopefully, none of this comes as a surprise to anyone but rather just a friendly reminder.
Again, we encourage you to continue the great discourse that is occurring and we look forward to contributing.
Please let us know if you have any questions or concerns.
Sean Barnum and Aharon Chernin
CTI STIX SC Co-chairs