OASIS Mailing List Archives

cti message


Subject: Re: [cti] MTI ballot question

Thanks for the clarification.
I assume that those who will vote yes understand and are conscious of the effort needed to provide what is needed.
The future will tell if those saying "I want JSON" or "we need JSON" will be the same ones who will provide us "JSON" (asap).
Until then, it remains hypothetical.

On Monday, 23 November 2015, Struse, Richard <Richard.Struse@hq.dhs.gov> wrote:



As you may have seen, a Ballot has opened to decide the question of a Mandatory-To-Implement (MTI) Serialization format for STIX 2.0, CybOX 3.0 and TAXII 2.0.  While I usually try to avoid weighing in directly on these sorts of issues, in this case I wanted to make sure that everyone was clear on a couple of things.


First, this proposal is about selecting the one serialization format that implementations must support in order to be considered “CTI-compliant”.  If this proposal passes, this will mean that a compliant implementation must be able to produce and/or consume JSON-based serializations of whatever CTI data it processes.  This is essential to achieve true interoperability.  However, the proposal also makes it clear that the TC will consider standardizing additional optional serialization formats as soon as the new specifications are complete.  This means that if there is a community of users who require/prefer XML or ProtoBufs or something else, they are encouraged to work with the CTI TC to develop a binding specification for that format and convince the TC to publish it as an optional serialization format.  


Second, while STIX/TAXII/CybOX have enjoyed substantial success resulting in implementation and adoption around the world, we have also heard loud and clear that STIX and CybOX suffer from excessive complexity in some areas.  One contributor to that perception of complexity is our use of XML.  While there are pros and cons to every approach and serialization format, XML is perceived to be a barrier to adoption in some circles.  JSON, on the other hand, is generally perceived as very developer-friendly and is widely used and supported.  By selecting JSON as the MTI serialization format, the CTI TC will be sending a clear message to the broader community that we hear their concerns and are being responsive.  With this decision behind us, we can approach other threat-sharing communities that are pursuing proprietary approaches and ask them to join forces with the CTI TC without the overhang of XML as a mandatory-to-implement format.  But again, selecting JSON as the MTI does not preclude the standardization of other, optional serialization formats for STIX and CybOX in the future.


I encourage all CTI TC members eligible to vote to weigh in on this important question.





Richard J. Struse 

Chair, OASIS Cyber Threat Intelligence (CTI) Technical Committee


Chief Advanced Technology Officer

National Cybersecurity and Communications Integration Center (NCCIC) and

Stakeholder Engagement and Cyber Infrastructure Resiliency (SECIR)

Cyber Security & Communications

U.S. Department of Homeland Security

e-mail:  Richard.Struse@dhs.gov
Phone:  202-527-2361


