OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Open Public Review for STIX 2.0


All,

 

Hearing no objections and in order to get the ball rolling, I move that the CTI TC approve STIX 2.0 WD01, revision 2 and all associated artifacts packaged together in https://www.oasis-open.org/apps/org/workgroup/cti/download.php/59986 as a Committee Specification Draft, and designate the Word version of the specification as authoritative. I further move that the CTI TC approve submitting the resulting CSD for 30 days of public review.

 

For awareness, here are the changes since the last ballot:

 

-          Corrected some examples in Part 4

-          Updated the created timestamp for the TLP entries in Part 1 to correspond to the release date of the document

-          Clarified text in document colors/styles about the formatting of examples across all parts

-          Clarified text about the use of common properties in custom objects in Part 1

 

John

 

From: John Wunder <jwunder@mitre.org>
Date: Wednesday, February 8, 2017 at 9:07 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Open Public Review for STIX 2.0

 

All,


As we’ve discussed a few times before, now that we have a STIX 2.0 CSD (Committee Specification Draft) we need to decide how far along the OASIS process to take the specification. The next step for work product formalization would be a Committee Specification.

 

As a reminder:

 

A Committee Specification Draft:

·         Is approved by the TC by a full majority ballot. We have this now; the current state of the specs was approved as STIX 2.0 CSD01.

·         Does not confer IPR protections as an “OASIS Standards Final Deliverable”

 

A Committee Specification:

·         Can only be approved after at least one public review period.

·         Is fully approved once a review period passes with no material changes required, and that draft is voted on by a special majority (2/3) vote of the TC.

  • Confers IPR protections as an “OASIS Standards Final Deliverable”
  • Given all the ballots and review periods that are required, it’ll likely be 2-3 months before we can get to this stage.

 

At a practical level, though, the logical next step for us regardless of CS vs. CSD is to open a public review period. This is an important step in the process to getting to a CS, but more importantly, it allows us to get feedback from those outside the TC sooner rather than later. That feedback may identify things that are broken in STIX 2.0, things that could be improved, or things that we could consider adding…so the sooner we get it done, the better. Even if we feel it’s not important to push towards a CS right now, it’s still important to open that public review for STIX 2.0 so we can get that feedback.

 

Some people have suggested that because we have a couple stub objects in the spec and don’t cover all of what was in STIX 1.x we may get some pushback on whether we’re “done” in the public review. Aside from just taking that as it comes (it’s good feedback!) Trey has suggested that we create an FAQ to answer common questions about why we scoped things the way we did (MVP release, etc.) and talking about our roadmap to add those objects. That should hopefully head off some of those concerns.

 

Are there any objections to opening a public review period on STIX 2.0? If not, we’ll go ahead to make the motion to do so Thursday morning EST.

 

Thanks,

John

 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]