Re: [cti] Re: STIX 2.0 RC3

["Kirillov, Ivan A." <ikirillov@mitre.org>]

Part 1 defines primitives common to both STIX and Cyber Observables; Part 3a defines primitives specific to Cyber Observables, which have no overlap with those in Part 1. Part 4 specifies how primitives from Parts 1 and 3a are to be used as constants in Patterning – this is necessary because unlike STIX and Cyber Observable instance data, patterns must always be serialized as Unicode strings.

 

Therefore, what is the issue here? IMO, I think each of these uses/definitions makes sense and we can leave them as-is.

 

Regards,

Ivan

 

From: <cti@lists.oasis-open.org> on behalf of "Bret Jordan (CS)" <Bret_Jordan@symantec.com>
Date: Tuesday, November 8, 2016 at 4:12 PM
To: John Wunder <jwunder@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Re: STIX 2.0 RC3

 

There is a known issue in that the Common Types / Primitive Types etc are slightly out of alignment between Parts1, 3a, and 4.  We will need to have a discussion about how to address that before we do the CSD.

 

Bret

 

---

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Wunder, John A. <jwunder@mitre.org>
Sent: Tuesday, November 8, 2016 3:58:28 PM
To: cti@lists.oasis-open.org
Subject: [cti] STIX 2.0 RC3

 

All,

 

Thanks to a ton of work from the community, editors, and co-chairs we’ve been able to finalize STIX 2.0 RC3 and would like to kick off an informal (i.e., no ballot) two week review period (closing 11/22). The documents are available on Google Docs (links below) and in the attached .zip file (Word and PDF).

 

As a reminder, this STIX 2.0 Standards Track Work Product consists of five parts (documents):

 

-          Part 1, STIX Core

-          Part 2, STIX Objects

-          Part 3a, Cyber Observable Core Concepts

-          Part 3b, Cyber Observable Objects

-          Part 4, Patterning

 

Parts 1 and 2 are what used to be the STIX 2.0 specification as defined in RC2. RC2 underwent an official TC ballot and therefore we’ve tracked all changes to those documents in the attached CHANGELOG.txt and in the .zip. Parts 3a and 3b are what used to be known as CybOX and are now merged into the STIX work product as Cyber Observables. Part 4 is what used to be known as CybOX Patterning and is now merged into the STIX work product as Patterning. Parts 3a, 3b, and 4 have not undergone an official ballot and so there are no tracked changes since there’s nothing to track changes from.

 

Please take the time now to review the documents and provide feedback. At this point, we’re hoping to capture all feedback on the mailing lists to provide visibility into what will change. Feedback can either be in a marked-up Word document, PDF, or just in e-mail text. All changes will be discussed with the community and tracked.

 

Obviously you should give the entire package a comprehensive review if you can, but as a suggestion on priority:

-          Patterning is crucial to this effort and has not been through a ballot yet, so should be a high priority

-          Parts 3a and 3b (CybOX) are also very important and have not been through a ballot

-          Conformance clauses were added to all documents (towards the end)

-          The changelog below denotes changes in Parts 1 and 2 from what we approved for RC2. If you were generally happy with the documents in RC2, you can just review the changelog.

 

The STIX 2.0 Cover Page on Google Docs will take you to all 5 parts: https://docs.google.com/document/d/1yvqWaPPnPW-2NiVCLqzRszcx91ffMowfT5MmE9Nsy_w.

 

Thanks everyone,

STIX 2.0 editors and STIX/Cyber Observable co-chairs