OASIS Mailing List Archives


cti message



Subject: Re: Call for Volunteers / Topics for STIX 2.1


All,

 

To get this work kicked off, Bret has created channels in Slack for each of the 4 topics (#confidence, #malware, #infrastructure, and #location). We’ll be doing most of the in-depth discussion and work on the proposals there, so please join if you’re interested.

 

If you aren’t on Slack, e-mail me or Bret for an invite. If you can’t use Slack for whatever reason, let me know and we’ll figure something out.

 

Just so everyone knows what we’re expecting out of each of these, the intent is to have a proposal that can be discussed at the face-to-face in January. Each proposal will ideally include normative text, examples, and an overview - as well as have someone at the F2F who can talk about it. After the F2F the proposals will be modified with any necessary changes and then discussed and decided on the list.

 

The due date to finish these in time for the F2F is January 9. That will give people roughly a week ahead of the F2F to read the proposals and give us a jump start going in.

 

Thanks,

John

 

From: John Wunder <jwunder@mitre.org>
Date: Wednesday, December 7, 2016 at 2:51 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Call for Volunteers / Topics for STIX 2.1

 

All,

 

I know that we’re still finalizing things in STIX 2.0, but with the face-to-face coming up in January and the need to keep making progress on important topics I’d like to start planning for STIX 2.1. In particular, I think we can be much more productive at the face-to-face if we have 1 or more concrete proposals for each topic we discuss. That way we can evaluate real normative text and data structures rather than general ideas and theories.

 

To get there, I’d like to start putting together mini-groups for STIX 2.1 topics. Obviously we won’t work on all of these at the same time, but the complete list I have of somewhat major topics for 2.1:

 

1. Malware (it already exists, but it could use some fleshing out)
2. Infrastructure
3. Confidence
4. Location
5. Incident / Event
6. Course of Action / OpenC2 integration / Playbooks
7. Internationalization
8. Intel Notes

 

So my first request is, what’s missing? Are there any other major topics that we should tackle for 2.1?

 

My second request is for volunteers to work on some of those topics. I’m thinking that one of the first things we should do is build out more of our foundation in intel objects and concepts. That would mean tackling:

 

- Confidence
- Malware
- Infrastructure
- Location

 

Finishing off those objects and concepts will give us the building block SDOs and concepts that we need to tackle things like incident, COA, etc. As we finish off this first set, we can move on to major areas of effort like courses of action and incidents (and related objects).

 

Please send replies directly to me and I’ll coordinate; that way we can avoid spamming the list. Also, I should say that if there’s a group of people that wants to start working on incident, COA, or any other topic now, don’t let me hold you up. I just want to make sure we can get in the more foundational things so we don’t have to re-write stuff later.

 

John


