OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] STIX 2.0 Path Forward


Maybe we could do a 30-day prototyping sprint during the public review period for the CS (or just starting now)? Obviously there’s not enough time to get this built in real products, but I’d love to see what happens when we try to plug some prototypes together, which could be doable.

 

From: Mark Davidson <mdavidson@soltra.com>
Date: Friday, October 28, 2016 at 9:16 AM
To: Patrick Maroney <Pmaroney@Specere.org>, Terry MacDonald <terry.macdonald@cosive.com>, John-Mark Gurney <jmg@newcontext.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Trey Darley <trey@kingfisherops.com>, John Wunder <jwunder@mitre.org>
Subject: Re: [cti] STIX 2.0 Path Forward

 

I think the biggest risk that we have with STIX 2.0 is that we don’t have much running code. I have been doing some prototypes myself (primarily for TAXII, but also involving STIX), and I can speak to the fact that I am running into open questions as I go – questions that are best to answer before finalizing a specification. Primarily, I find myself agreeing with Bret’s point #4:

 

> 4) Having a 30 day public review is not going to be sufficient time for us to find problems. 

> What we need is people to start coding solutions and working through workflows. 

> This will take longer than 30 days and if major problems are found, it is a lot easier to fix them at the CSD level than at the CS level.

 

Once we go to CS – we are effectively locked into making only forward compatible changes.

 

On the other hand – the current spec represents a massive amount of work, effort, and progress from this community. I think many people have had great contributions and you do have to call something done at some point.

 

Overall, I find myself supporting the CS direction – it represents a significant achievement by this group. I also find myself wanting more QA (primarily through running code). Maybe this is something we can focus on make progress on.

 

Thank you.

-Mark

 

From: <cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org>
Date: Sunday, October 23, 2016 at 10:18 AM
To: Terry MacDonald <terry.macdonald@cosive.com>, John-Mark Gurney <jmg@newcontext.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, Trey Darley <trey@kingfisherops.com>, "John A. Wunder" <jwunder@mitre.org>
Subject: Re: [cti] STIX 2.0 Path Forward

 

Agreed on Option 1.

 

My .02: we need to keep our iteration processes as "lean" as possible until we have all of the key elements fully flushed out.

Patrick Maroney
President
Integrated Networking Technologies, Inc.
Desk: (856)983-0001
Cell: (609)841-5104
Email: pmaroney@specere.org

 


From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@cosive.com>
Sent: Saturday, October 22, 2016 3:45:20 PM
To: John-Mark Gurney
Cc: John A. Wunder; cti@lists.oasis-open.org; Trey Darley
Subject: Re: [cti] STIX 2.0 Path Forward

 

I vote for option 1, as I don't believe STIX 2.0 is anywhere near finished until we have 'confidence' added into it. It's not at a level that matches STIX 1.x, and is one of the major missing holes that we currently have (along with the ability to tell others if you agree or disagree with someone else's assertion, and the ability to ask questions and get answers from all members of a trust group).

I feel like once STIX 2.1 is released we may be closer to being able to take it to a final CS. I personally feel like it depends on how much market take-up we get. If the version of STIX is implemented everywhere by everyone then we should take it higher up the specification tree.

Cheers
Terry MacDonald
Cosive

 

On 22 Oct. 2016 12:16, "John-Mark Gurney" <jmg@newcontext.com> wrote:

Trey Darley wrote this message on Fri, Oct 21, 2016 at 14:56 +0000:
> On 21.10.2016 13:58:45, Wunder, John A. wrote:
> >
> > 4. At the Brussels F2F there was good consensus (though not
> > unanimity) that going to a CS now was important.
>
> I supported option #2 at the Brussels F2F and I support it now.

ditto.

--
John-Mark

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]