OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] Re: [EXT] Re: [cti] type changing from "object" to "array"for cyber observable objects


I agree with John and Trey. The STIX 2.0 spec is done and people are already working on building tools for it. It would extremely counterproductive to make backwards breaking changes, especially of this magnitude, at this point. We need to give people the chance to work with what we’ve done and see how well it flies.

 

Sarah Kelley

Senior Cyber Threat Analyst

Multi-State Information Sharing and Analysis Center (MS-ISAC)                   

31 Tech Valley Drive

East Greenbush, NY 12061

 

sarah.kelley@cisecurity.org

518-266-3493

24x7 Security Operations Center

SOC@cisecurity.org - 1-866-787-4722

 

                  

 

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org>
Date: Wednesday, October 4, 2017 at 12:42 PM
To: Trey Darley <trey@newcontext.com>, Bret Jordan <Bret_Jordan@symantec.com>
Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Re: [EXT] Re: [cti] type changing from "object" to "array"for cyber observable objects

 




Yeah, we’ve made this decision for the 2.x series and at this point revisiting it is not really an option. This is not to say that we shouldn’t keep track of this discussion…as people implement 2.x support we should absolutely track and document lessons-learned, even those that would result in breaking changes, so we can incorporate them in to future releases across ALL topics but especially these more contentious ones.

It’s also important to keep in mind though that we’re really at the early stages of 2.x support, I still have conversations where people think STIX 2 is XML! I guess my point is that we need to move deliberatively forward based on what we’ve already decided, get experience coding 2.x support, and make sure we’re documenting these things.

John

On 10/4/17, 12:01 PM, "Trey Darley" <cti@lists.oasis-open.org on behalf of trey@newcontext.com> wrote:

On 02.10.2017 23:08:48, Bret Jordan wrote:
> I was one of the ones that pushed against this. At the time I could
> not see the value of having observable objects be first order
> citizens. I admit that. But I am really beginning to question it. So
> much so, that I think we may have gotten it wrong.
>

Hi, Bret -

The points you raise with regard to STIX Observed Data and SCO were
already examined at great length during the Great Arglebargle Debate
of 2016. In due course of time, the TC reached consensus on the
current approach and work progressed from there.

Whether or not the approach we took was the *ideal* technical solution
is irrelevant. STIX 2.0 went through multiple CSDs (including multiple
public comment periods during which concerns were raised and addressed
by the community), then we progressed to a CS via a series of TC-wide
ballots.

The ship has sailed, Bret. We're not going to rip out and redo Parts
3-5. The 2.0 specification is final and people are now busily
implementing it.

We have many pressing matters pertaining to the evolution of STIX 2.1
(and beyond) demanding our collective attention and effort. Let's keep
our focus on moving forward as a community.

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Director of Standards Development, New Context
gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
++--------------------------------------------------------------------------++
--
"With sufficient thrust, pigs fly just fine. However, this is not
necessarily a good idea. It is hard to be sure where they are going to
land, and it could be dangerous sitting under them as they fly
overhead." --RFC 1925


.....

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . . . .


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]