This one’s on me, will have it to you ASAP.
From: email@example.com [mailto:firstname.lastname@example.org]
On Behalf Of Chet Ensign
Sent: Monday, April 04, 2016 12:08 PM
Cc: email@example.com; firstname.lastname@example.org
Subject: [cti] Re: OASIS Board Approval of Trademark Waiver for DHS contributions of STIX, TAXII and CybOX specifications
Members of the CTI TC,
I do not at this time have a matching request for STIX V1.2.1 however when the TC makes that request, I will be able to start the ballot without delay.
Please let me know if you have any questions.
On Mon, Apr 4, 2016 at 11:44 AM,
Frederick.Hirsch@us.fujitsu.com <Frederick.Hirsch@us.fujitsu.com> wrote:
Members of the Cyber Threat Intelligence (CTI) TC:
The OASIS Board has approved the waiver of its trademark-ownership policy for purposes of the DHS contributions of STIX, TAXII and CybOX specifications, to accept the nonexclusive license instead, so as to accommodate the continuous development of this work
without interruption. The OASIS Board considers this waiver exceptional, in light of the perceived urgency of cybersecurity risks mitigated by the project and the inability of the contributor to immediately transfer the trademarks.
However, the Board does wish to caution DHS that there may be significant adoption risks with the retained trademark licenses and "TM" marks in an open standard or open source code. In the current technical environment, open development communities generally
expect and receive freely available rights to use and incorporate such works without any concern, conditions, or restrictions. The ability to go forward without licensing or lawyering analysis accounts for the rapid, frictionless adoption and success of many
OASIS always strives for success and broad adoption of its committees' specifications. Therefore, we did wish to express our concern that the presence of unconventional or unexpected license reservations -- where the user must consider special terms from a
specific agency, beyond the routine open standards group terms -- might significantly impair market adoption of this work, particularly internationally, and with other standards organizations.
We understand that the original intent of this project is to promote widespread adoption and use, not only with US federal agencies and their regular vendors, but also in communities and commercial sectors located elsewhere, including parties who may exchange
threat data with each other but not the government. For that reason, we call your attention to the risk of negative reactions to anything that (even accidentally or cursorily) looks like parties might be required to seek permission from a US federal agency
before using it or coding to it.
For that reason, as a suggestion but not a requirement, we urge DHS to consider re-visiting whatever process would be required to permit a full assignment of the trademark to OASIS, so to bring the work's licensing in line with most other open standards and
open source work. That process might run concurrently with the committee's continued development, possibly permitting fewer licensing reservations in future versions. OASIS itself always takes reasonable steps to monitor and protect the names and trademarks
of its specifications, so we do not believe that additional powers need to be retained by DHS, in order for the agency to enjoy the protections that may be its concern. We would be happy to work with the Department to explore whatever additional procurement
process might be needed, to address the risk that communities and stakeholders outside of your current circle of participants might find the exceptional licensing off-putting.
The motion passed is the following:
"The Board resolves to waive IPR Policy section 5.3.1's requirement that all trademarks used in an OASIS specification shall be owned by OASIS, for the US Department of Homeland Security's contributions of STIX, TAXII and CybOX draft specifications to the OASIS
CTI TC, conditioned on the terms of the following documents: (a) amendment to section 3(d) of the July 15, 2015 "Non-Exclusive License" between DHS and OASIS; (b) posting of the supplemental "Proposed trademark notice and conditions" from DHS, clarifying
implementer and user rights to freely use trademarks; and (c) modification of the standard OASIS specification IPR notices and disclaimers text, to include the modified special DHS IPR notices and disclaimers; all as presented to the Board at its March 2016
meeting as negotiated by staff and DHS.”
The three associated documents are attached.
If you have any comment please feel free to send to
email@example.com or to
Thank you for your consideration.
Chair of the OASIS Board of Directors
This e-mail and any attached files are only for the use of its intended recipient(s). Its contents are confidential and may be privileged. Fujitsu does not guarantee that this e-mail has not been intercepted and amended or that it is virus free. If you have
received this e-mail and are not the intended recipient, please contact the sender by e-mail and destroy all copies of this e-mail and any attachments. / Le présent courriel, ainsi que ses pièces jointes, ne peut être utilisé que par le ou les destinataires
auxquels il a été transmis. Les renseignements qu'il contient sont confidentiels, voire même protégés. Fujitsu ne peut garantir que ce courriel n'a pas été intercepté ou modifié, ou qu'il ne contient aucun virus. Si vous avez reçu ce courriel sans en être
le destinataire prévu, veuillez communiquer par courriel avec son expéditeur et en détruire toutes les copies et pièces jointes.
Director of Standards Development and TC Administration
OASIS: Advancing open standards for the information society
Primary: +1 973-996-2298
Mobile: +1 201-341-1393
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.