[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] STIX 2.0 Path Forward
Maybe we could do a 30-day prototyping sprint during the public review period for the CS (or just starting now)? Obviously there’s not enough time to get this built in real products, but
I’d love to see what happens when we try to plug some prototypes together, which could be doable. From:
Mark Davidson <mdavidson@soltra.com> I think the biggest risk that we have with STIX 2.0 is that we don’t have much running code. I have been doing some prototypes myself (primarily for TAXII, but also involving STIX), and
I can speak to the fact that I am running into open questions as I go – questions that are best to answer before finalizing a specification. Primarily, I find myself agreeing with Bret’s point #4: > 4) Having a 30 day public review is not going to be sufficient time for us to find problems.
> What we need is people to start coding solutions and working through workflows.
> This will take longer than 30 days and if major problems are found, it is a lot easier to fix them at the CSD level than at the CS level. Once we go to CS – we are effectively locked into making only forward compatible changes. On the other hand – the current spec represents a massive amount of work, effort, and progress from this community. I think many people have had great contributions and you do have to call
something done at some point. Overall, I find myself supporting the CS direction – it represents a significant achievement by this group. I also find myself wanting more QA (primarily through running code). Maybe this
is something we can focus on make progress on. Thank you. -Mark From:
<cti@lists.oasis-open.org> on behalf of Patrick Maroney <Pmaroney@Specere.org> Agreed on Option 1. My .02: we need to keep our iteration processes as "lean" as possible until we have all of the key elements fully flushed out. Patrick Maroney From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Terry MacDonald <terry.macdonald@cosive.com> I vote for option 1, as I don't believe STIX 2.0 is anywhere near finished until we have 'confidence' added into it. It's not at a level that matches STIX 1.x, and is one of the major missing holes that we currently have (along with the ability to tell others
if you agree or disagree with someone else's assertion, and the ability to ask questions and get answers from all members of a trust group). I feel like once STIX 2.1 is released we may be closer to being able to take it to a final CS. I personally feel like it depends on how much market take-up we get. If the version of STIX is implemented everywhere by everyone then we should take it higher
up the specification tree. Cheers On 22 Oct. 2016 12:16, "John-Mark Gurney" <jmg@newcontext.com> wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]