OASIS Mailing List Archives

 



cti message



Subject: Re: [cti] Roadmap discussion and update


I can see the arguments for both choices, but I feel like many of the arguments made in favor of a time-based release reflect what is convenient for the TC, while the argument for feature-driven release reflects what is (allegedly) needed by the community. I would argue that we haven’t seen enough real-world usage of STIX 2.0 to know what the scope of 2.1 needs to be.

 

Greg

 

On 2017-08-08, 17:04 UTC, "cti@lists.oasis-open.org on behalf of Sarah Kelley" <cti@lists.oasis-open.org on behalf of Sarah.Kelley@cisecurity.org> wrote:

 

CTI-TC,

 

We wanted to send a follow-up email regarding the roadmap conversation that was started on the last monthly call. From our original list of items we wanted to have in STIX 2.1, this is where we stand:


 

Finished:

  • Confidence, Intel Note, Opinion, Internationalization

Mostly done:

  • Location (review), Malware (finishing development, Friday call)

In Progress:

  • IEP, DNS Request/Response (Tuesday working call)

Still to come (or in mini-group):

  • COA, Infrastructure, Event/Incident

 

As mentioned during the meeting(s), we aren’t making fast enough progress through our roadmap in order to get all of these objects into a fall release. We have three choices:

  • Schedule more meetings, move faster
    • Instead of having 2 working calls per week, we could increase to 3 or 4.
    • In the opinion of the co-chairs, this is not really reasonable given our past experience trying to move faster.

 

Which really leaves us with two choices:

  • Accept it and delay the release
    • Trying to finish all these topics would probably push our release date for STIX 2.1 into spring or summer of 2018.
    • We would have to be cognizant of scope creep, not allowing new items to become “necessary” for 2.1 or the release date will be continually pushed.

 

  • Remove items from the release in order to get the things that are done or nearly done out sooner (deadline for new material would be Sept 30 so editorial work can begin in October) while giving us time to work on the things that need the time
    • Would keep things that are basically done: Internationalization, Confidence, Intel Note, Opinion, Location and Malware
    • Probably keep proposals that are fairly polished and just need to be reviewed: IEP, DNS Request/Response
    • Likely defer items that still have a lot of work: Infrastructure, COA, and Event

 

The general consensus of the co-chairs (without unanimity) is that the third option is the most logical at the moment. Setting a hard deadline of Sept 30 would allow us to get a 2.1 update out with important new objects, but also allow us to give certain large topics (like COA, Infrastructure and Event) the full time and attention they need to get them right by pushing them to a later release. This would also allow our October F2F to focus on kick starting STIX 2.2.

 

Given that this committee works via consensus and that the co-chairs do not decide anything unilaterally, we would like to open this conversation up for wider discussion. Please chime in and let everyone know your preference. 

 

Thanks,

  

Sarah Kelley

Senior Cyber Threat Analyst

Multi-State Information Sharing and Analysis Center (MS-ISAC)                   

31 Tech Valley Drive

East Greenbush, NY 12061

 

sarah.kelley@cisecurity.org

518-266-3493

24x7 Security Operations Center

SOC@cisecurity.org - 1-866-787-4722

 

                  

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
