OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti] OASIS Board Approval of Trademark Waiver for DHS contributions of STIX, TAXII and CybOX specifications

Hello Frederick - can we get some additional guidance around this text?

- Based on this interpretation, I would not be allowed to for example to create a product called "MyCorp TAXII Bridge" without getting additional waivers from DHS - is that correct?

- Need more clarification around "or in advertisement for sale of a commercial product". Is this saying that if within some marketing we also want to talk about HOW STIX and TAXII is used, we can not do that because it is not a simple factual statement of support?

Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown

Inactive hide details for "Frederick.Hirsch@us.fujitsu.com" ---04/04/2016 12:45:19 PM---Members of the Cyber Threat Intelligenc"Frederick.Hirsch@us.fujitsu.com" ---04/04/2016 12:45:19 PM---Members of the Cyber Threat Intelligence (CTI) TC: The OASIS Board has approved the waiver of its tr

From: "Frederick.Hirsch@us.fujitsu.com" <Frederick.Hirsch@us.fujitsu.com>
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Cc: "chet.ensign@oasis-open.org" <chet.ensign@oasis-open.org>, "jamie.clark@oasis-open.org" <jamie.clark@oasis-open.org>
Date: 04/04/2016 12:45 PM
Subject: [cti] OASIS Board Approval of Trademark Waiver for DHS contributions of STIX, TAXII and CybOX specifications
Sent by: <cti@lists.oasis-open.org>

Members of the Cyber Threat Intelligence (CTI) TC:

The OASIS Board has approved the waiver of its trademark-ownership policy for purposes of the DHS contributions of STIX, TAXII and CybOX specifications, to accept the nonexclusive license instead, so as to accommodate the continuous development of this work without interruption. The OASIS Board considers this waiver exceptional, in light of the perceived urgency of cybersecurity risks mitigated by the project and the inability of the contributor to immediately transfer the trademarks.

However, the Board does wish to caution DHS that there may be significant adoption risks with the retained trademark licenses and "TM" marks in an open standard or open source code. In the current technical environment, open development communities generally expect and receive freely available rights to use and incorporate such works without any concern, conditions, or restrictions. The ability to go forward without licensing or lawyering analysis accounts for the rapid, frictionless adoption and success of many open projects.

OASIS always strives for success and broad adoption of its committees' specifications. Therefore, we did wish to express our concern that the presence of unconventional or unexpected license reservations -- where the user must consider special terms from a specific agency, beyond the routine open standards group terms -- might significantly impair market adoption of this work, particularly internationally, and with other standards organizations.

We understand that the original intent of this project is to promote widespread adoption and use, not only with US federal agencies and their regular vendors, but also in communities and commercial sectors located elsewhere, including parties who may exchange threat data with each other but not the government. For that reason, we call your attention to the risk of negative reactions to anything that (even accidentally or cursorily) looks like parties might be required to seek permission from a US federal agency before using it or coding to it.

For that reason, as a suggestion but not a requirement, we urge DHS to consider re-visiting whatever process would be required to permit a full assignment of the trademark to OASIS, so to bring the work's licensing in line with most other open standards and open source work. That process might run concurrently with the committee's continued development, possibly permitting fewer licensing reservations in future versions. OASIS itself always takes reasonable steps to monitor and protect the names and trademarks of its specifications, so we do not believe that additional powers need to be retained by DHS, in order for the agency to enjoy the protections that may be its concern. We would be happy to work with the Department to explore whatever additional procurement process might be needed, to address the risk that communities and stakeholders outside of your current circle of participants might find the exceptional licensing off-putting.

The motion passed is the following:

"The Board resolves to waive IPR Policy section 5.3.1's requirement that all trademarks used in an OASIS specification shall be owned by OASIS, for the US Department of Homeland Security's contributions of STIX, TAXII and CybOX draft specifications to the OASIS CTI TC, conditioned on the terms of the following documents:  (a) amendment to section 3(d) of the July 15, 2015 "Non-Exclusive License" between DHS and OASIS;  (b) posting of the supplemental "Proposed trademark notice and conditions" from DHS, clarifying implementer and user rights to freely use trademarks;  and (c) modification of the standard OASIS specification IPR notices and disclaimers text, to include the modified special DHS IPR notices and disclaimers;  all as presented to the Board at its March 2016 meeting as negotiated by staff and DHS.”

The three associated documents are attached.

If you have any comment please feel free to send to oasis-board-comment@lists.oasis-open.org or to chet.ensign@oasis-open.org

Thank you for your consideration.

regards, Frederick

Frederick Hirsch
Chair of the OASIS Board of Directors


This e-mail and any attached files are only for the use of its intended recipient(s). Its contents are confidential and may be privileged. Fujitsu does not guarantee that this e-mail has not been intercepted and amended or that it is virus free. If you have received this e-mail and are not the intended recipient, please contact the sender by e-mail and destroy all copies of this e-mail and any attachments. / Le présent courriel, ainsi que ses pièces jointes, ne peut être utilisé que par le ou les destinataires auxquels il a été transmis. Les renseignements qu'il contient sont confidentiels, voire même protégés. Fujitsu ne peut garantir que ce courriel n'a pas été intercepté ou modifié, ou qu'il ne contient aucun virus. Si vous avez reçu ce courriel sans en être le destinataire prévu, veuillez communiquer par courriel avec son expéditeur et en détruire toutes les copies et pièces jointes.
[attachment "CLEAN COPY 20160303 DHS OASIS STIX etc spec language (3 of 3).pdf" deleted by Jason Keirstead/CanEast/IBM] [attachment "CLEAN COPY 20160303 AMENDED OASIS-DHS-TM LICENSE-STIX-TAXII-CyBOX (1 of 3).pdf" deleted by Jason Keirstead/CanEast/IBM] [attachment "CLEAN COPY 20160303 OASIS-DHS-TM Supplement-stmt-on-TMs (2 of 3).pdf" deleted by Jason Keirstead/CanEast/IBM]
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]