
Subject: RE: [cti] Re: OASIS Board Approval of Trademark Waiver for DHS contributions of STIX, TAXII and CybOX specifications



This one’s on me, will have it to you ASAP.




Alex Foley


From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Chet Ensign
Sent: Monday, April 04, 2016 12:08 PM
To: Frederick.Hirsch@us.fujitsu.com
Cc: cti@lists.oasis-open.org; jamie.clark@oasis-open.org
Subject: [cti] Re: OASIS Board Approval of Trademark Waiver for DHS contributions of STIX, TAXII and CybOX specifications


Members of the CTI TC, 


In light of the above notification, I will start your requested ballot to approve TAXII V1.1.1 as a Committee Specification shortly (https://issues.oasis-open.org/browse/TCADMIN-2333).


I do not at this time have a matching request for STIX V1.2.1; however, when the TC makes that request, I will be able to start the ballot without delay.


Please let me know if you have any questions. 


Best regards, 





On Mon, Apr 4, 2016 at 11:44 AM, Frederick.Hirsch@us.fujitsu.com <Frederick.Hirsch@us.fujitsu.com> wrote:

Members of the Cyber Threat Intelligence (CTI) TC:

The OASIS Board has approved the waiver of its trademark-ownership policy for purposes of the DHS contributions of STIX, TAXII and CybOX specifications, to accept the nonexclusive license instead, so as to accommodate the continuous development of this work without interruption. The OASIS Board considers this waiver exceptional, in light of the perceived urgency of cybersecurity risks mitigated by the project and the inability of the contributor to immediately transfer the trademarks.

However, the Board does wish to caution DHS that there may be significant adoption risks with the retained trademark licenses and "TM" marks in an open standard or open source code. In the current technical environment, open development communities generally expect and receive freely available rights to use and incorporate such works without any concern, conditions, or restrictions. The ability to go forward without licensing or lawyering analysis accounts for the rapid, frictionless adoption and success of many open projects.

OASIS always strives for success and broad adoption of its committees' specifications. Therefore, we did wish to express our concern that the presence of unconventional or unexpected license reservations -- where the user must consider special terms from a specific agency, beyond the routine open standards group terms -- might significantly impair market adoption of this work, particularly internationally, and with other standards organizations.

We understand that the original intent of this project is to promote widespread adoption and use, not only with US federal agencies and their regular vendors, but also in communities and commercial sectors located elsewhere, including parties who may exchange threat data with each other but not the government. For that reason, we call your attention to the risk of negative reactions to anything that (even accidentally or cursorily) looks like parties might be required to seek permission from a US federal agency before using it or coding to it.

For that reason, as a suggestion but not a requirement, we urge DHS to consider re-visiting whatever process would be required to permit a full assignment of the trademark to OASIS, so as to bring the work's licensing in line with most other open standards and open source work. That process might run concurrently with the committee's continued development, possibly permitting fewer licensing reservations in future versions. OASIS itself always takes reasonable steps to monitor and protect the names and trademarks of its specifications, so we do not believe that additional powers need to be retained by DHS, in order for the agency to enjoy the protections that may be its concern. We would be happy to work with the Department to explore whatever additional procurement process might be needed, to address the risk that communities and stakeholders outside of your current circle of participants might find the exceptional licensing off-putting.

The motion passed is the following:

"The Board resolves to waive IPR Policy section 5.3.1's requirement that all trademarks used in an OASIS specification shall be owned by OASIS, for the US Department of Homeland Security's contributions of STIX, TAXII and CybOX draft specifications to the OASIS CTI TC, conditioned on the terms of the following documents: (a) amendment to section 3(d) of the July 15, 2015 "Non-Exclusive License" between DHS and OASIS; (b) posting of the supplemental "Proposed trademark notice and conditions" from DHS, clarifying implementer and user rights to freely use trademarks; and (c) modification of the standard OASIS specification IPR notices and disclaimers text, to include the modified special DHS IPR notices and disclaimers; all as presented to the Board at its March 2016 meeting as negotiated by staff and DHS."

The three associated documents are attached.

If you have any comment, please feel free to send it to oasis-board-comment@lists.oasis-open.org or to chet.ensign@oasis-open.org.

Thank you for your consideration.

regards, Frederick

Frederick Hirsch
Chair of the OASIS Board of Directors





Chet Ensign
Director of Standards Development and TC Administration 
OASIS: Advancing open standards for the information society

Primary: +1 973-996-2298
Mobile: +1 201-341-1393 
