RE: [cti] CTI Goals Discussion

[Patrick Maroney <Pmaroney@Specere.org>]

Mark, et al,

I forward a motion that Security should be specifically enumerated as one of the cornerstone objectives of the OASIS CTI TAXII Specifications and Protocol.

Patrick Maroney

From: Davidson II, Mark S
Sent: 7/31/15, 6:50 AM
To: cti@lists.oasis-open.org
Subject: [cti] CTI Goals Discussion

All,

 

During the TAXII Kick-off meeting, some goals were presented that (generally) represent the goals of the TAXII Subcommittee and the goals of TAXII. I’d like to offer them to the broader CTI TC, on behalf of the TAXII SC, as candidate goals. Here they are:

 

•       Open, Collaborative, Fast

–      This includes collaboration across SCs

•       Solve what we know

•       Investigate what we don’t know

•       Plan For incremental Change

•       Open door policy

 

As a note, I’ve modified “plan for change” slightly from the TAXII kick-off meeting. We are all discussing major revs of STIX/TAXII/CybOX; I think once the direction of those is set we all hope for incremental change and do not want to thrash on the core designs. Therefore, I added the word “incremental”.

 

We also have some goals for TAXII itself that are worth considering as broader goals for all CTI TC efforts. Here they are:

 

•       Simplicity

–      Easy to implement and understand

•       One way of doing things

–      Reduce optionality

•       Minimize resource usage

–      Reduce size

–      Only transmit what is necessary

•       Scalable performance

 

The TAXII Subcommittee offers these to the broader CTI TC for adoption.

 

These are of course offered as proposed goals, and they can individually be accepted/modified/removed depending on the group’s opinions.

 

Thank you.

 

Mark Davidson

MDavidson@MITRE.org

(781) 271-3703

Lead Cyber Security Engineer

The MITRE Corporation