Re: [cti] Roadmap discussion and update

[Sarah Kelley <Sarah.Kelley@cisecurity.org>]

Andras,

Event/Incident has been on the schedule for the 2.1 release, but as we have started work on this object, the current feeling is that we don’t understand it enough to get the work done in time for a fall release. Work has been done on this object (https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.r4w2zhz8p29q) , but the topic is still being debated at length, and many people feel it will not be ready to be included in 2.1 if we still aim to get 2.1 out the door this fall. Hence, the discussion to push Event/Incident back to a 2.2 release, in order to make sure the object is correct and not done in a hurry.

This type of question is exactly why we posed the roadmap conversation to the list.

Does this help frame the conversation?

Sarah Kelley
STIX  Co-Chair
Senior Cyber Threat Analyst
Multi-State Information Sharing and Analysis Center (MS-ISAC)
31 Tech Valley Drive
East Greenbush, NY 12061

sarah.kelley@cisecurity.org
518-266-3493
24x7 Security Operations Center
SOC@cisecurity.org - 1-866-787-4722

 <https://msisac.cisecurity.org/>
        <https://www.facebook.com/CenterforIntSec>     <https://twitter.com/CISecurity>    <https://www.youtube.com/user/TheCISecurity>     <https://www.linkedin.com/company/the-center-for-internet-security>

On 8/10/17, 6:28 AM, "Andras Iklody" <cti@lists.oasis-open.org on behalf of andras.iklody@circl.lu> wrote:

    Hi Trey,

    Event/Incident postponed to 2.2? For the MISP community this is the Nr.1
    blocker, I thought it was scheduled for 2.1...

    Best regards,

    Andras


    On 09. aug. 2017 21:14, Trey Darley wrote:
    > All -
    >
    > New Context supports an Autumn 2017 release of STIX 2.1 consisting of:
    >
    >   * i18n
    >   * Confidence
    >   * Intel Note
    >   * Opinion
    >   * Location
    >   * Malware
    >   * IEP
    >   * DNS Request/Response
    >
    > It is understood that the following work items would be postponed to
    > 2.2:
    >
    >   * Event/Incident
    >   * Infrastructure
    >   * COA
    >   * STIX Patterning Extensions
    >
    > While it is unfortunate that the scope of work has expanded to exceed
    > the time initially earmarked for STIX 2.1 development, that should
    > come as no surprise to anyone with experience trying to put accurate
    > time estimates on complex development efforts.
    >
    > The TC work items ready to ship for 2.1 are significant. It would be
    > unconscionable to artificially delay the release of these extensions
    > to the STIX data model and thereby prevent folks from solving
    > real-world problems they confront *today* by binding ourselves to the
    > mast of an idealistic, completionist definition of STIX 2.1.
    >
    > Sarah, thanks for the great summary of the crossroads we find
    > ourselves at. ^_^
    >




This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.


. . . . .