

Subject: Re: [cti] Re: [EXT] Re: [cti] type changing from "object" to "array" for cyber observable objects


Breaking compatibility with older versions is always painful, the only
thing to keep in mind when deciding either way is that it will be an
order of magnitude more painful later on. If there's a fundamentally
flawed concept in the standard, better weed it out ASAP once it's
identified.

Best regards,
Andras

On 04 Oct. 2017 18:50, Sarah Kelley wrote:
> I agree with John and Trey. The STIX 2.0 spec is done and people are
> already working on building tools for it. It would be extremely
> counterproductive to make backwards breaking changes, especially of this
> magnitude, at this point. We need to give people the chance to work with
> what we’ve done and see how well it flies.
> 
>  
> 
> *Sarah Kelley*
> 
> *Senior Cyber Threat Analyst*
> 
> *Multi-State Information Sharing and Analysis Center
> (MS-ISAC)                   *
> 
> *31 Tech Valley Drive*
> 
> *East Greenbush, NY 12061*
> 
> * *
> 
> *sarah.kelley@cisecurity.org <mailto:sarah.kelley@cisecurity.org>*
> 
> *518-266-3493*
> 
> *24x7 Security Operations Center*
> 
> *SOC@cisecurity.org <mailto:SOC@cisecurity.org> - 1-866-787-4722*
> 
> 
> *From: *"cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf
> of "Wunder, John A." <jwunder@mitre.org>
> *Date: *Wednesday, October 4, 2017 at 12:42 PM
> *To: *Trey Darley <trey@newcontext.com>, Bret Jordan
> <Bret_Jordan@symantec.com>
> *Cc: *"cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
> *Subject: *Re: [cti] Re: [EXT] Re: [cti] type changing from "object" to
> "array" for cyber observable objects
> 
>  
> 
> 
> 
> 
> Yeah, we’ve made this decision for the 2.x series and at this point
> revisiting it is not really an option. This is not to say that we
> shouldn’t keep track of this discussion…as people implement 2.x support
> we should absolutely track and document lessons-learned, even those that
> would result in breaking changes, so we can incorporate them into
> future releases across ALL topics but especially these more contentious
> ones.
> 
> It’s also important to keep in mind though that we’re really at the
> early stages of 2.x support, I still have conversations where people
> think STIX 2 is XML! I guess my point is that we need to move
> deliberatively forward based on what we’ve already decided, get
> experience coding 2.x support, and make sure we’re documenting these things.
> 
> John
> 
> On 10/4/17, 12:01 PM, "Trey Darley" <cti@lists.oasis-open.org on behalf
> of trey@newcontext.com> wrote:
> 
> On 02.10.2017 23:08:48, Bret Jordan wrote:
>> I was one of the ones that pushed against this. At the time I could
>> not see the value of having observable objects be first order
>> citizens. I admit that. But I am really beginning to question it. So
>> much so, that I think we may have gotten it wrong.
>>
> 
> Hi, Bret -
> 
> The points you raise with regard to STIX Observed Data and SCO were
> already examined at great length during the Great Arglebargle Debate
> of 2016. In due course of time, the TC reached consensus on the
> current approach and work progressed from there.
> 
> Whether or not the approach we took was the *ideal* technical solution
> is irrelevant. STIX 2.0 went through multiple CSDs (including multiple
> public comment periods during which concerns were raised and addressed
> by the community), then we progressed to a CS via a series of TC-wide
> ballots.
> 
> The ship has sailed, Bret. We're not going to rip out and redo Parts
> 3-5. The 2.0 specification is final and people are now busily
> implementing it.
> 
> We have many pressing matters pertaining to the evolution of STIX 2.1
> (and beyond) demanding our collective attention and effort. Let's keep
> our focus on moving forward as a community.
> 
> -- 
> Cheers,
> Trey
> ++--------------------------------------------------------------------------++
> Director of Standards Development, New Context
> gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
> ++--------------------------------------------------------------------------++
> --
> "With sufficient thrust, pigs fly just fine. However, this is not
> necessarily a good idea. It is hard to be sure where they are going to
> land, and it could be dangerous sitting under them as they fly
> overhead." --RFC 1925
> 
> 

