as already discussed
within CTI TC and some of you I’ld like to submit the
proposal below to create a Cyber Threat Intelligence User
Council as a sub-group of the OASIS CTI Technical Committee
and volunteer to take care about it.
CTI User Council, a neutral forum in which corporate
end users voice concerns, discuss best practices, and
identify common technical requirements that can be shared
with the main CTI Technical Committee.
Who should join: Non-vendor
CTI TC members (banks, healthcare companies, retailers,
etc.) who want to track and influence the standards without
engaging in day-to-day spec development issues.
- Enable end user
members to contribute to CTI standards in ways meaningful
to them, such as articulating business requirements,
mobilizing support for vertical specializations, and
promoting adoption of common best practices;
- Foster peer-based
discussions where non-vendor members can exchange
information on pain points and collaborate to address
- Provide CTI STIX,
TAXII, CybOX, and Interoperability Subcommittees with a
direct mechanism for obtaining user feedback on technical
- Increase adoption of
CTI standards and enable a robust CTI ecosystem by
engaging more end users in the process.
- CTI STIX, TAXII,
CybOX, and Interoperability Subcommittees could
periodically provide the User Council with summary reports
on their progress, allowing Council members to stay
current with the SCs' work without the need to follow
daily SC email exchanges.
- As needed, CTI
Subcommittees could poll the User Council for input on
specific issues under debate. ("Would approach A or B be
more useful to you?")
- Council members could
discuss use cases and share experiences via their own
email list and via occasional F2F meetings, held alone or
in conjunction with industry events such as Borderless
- Council could produce
documents defining business requirements, vertical
specializations, and best practices for submission to main
Format: The CTI User Council
would be formed as a Subcommittee of the CTI TC (to take
advantage of the SC infrastructure) but 'Subcommittee' would
not be used in the group name.
Also I’ld like to thank
Carol for her support to get this going. What are your
thoughts about it? Any feedback is highly appreciated!
Best Regards from muddy
Berlin (weather was better last week @DefCon although hardly