OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: STIX and TAXII v2,0, CS release and trademarks

Dear TC colleagues:

OASIS staff recommended to our Board of Directors that the need to have your versions 2.0 licensed and "out there" outweighs our continuing concern about its unusual DHS license conditions, for now.  The Board agreed and has approved the release of the CS documents, with a variance for our trademarks policy rule, as was done with versions 1.0.  Our TC Admin staff is preparing the publication versions of the v2.0 Committee Specifications for posting.
In discussions with DHS, the original contributors of the input specs to OASIS, we did express our concern about the potential chilling effect of the nonstandard license terms, as we've previously discussed with the TC.  The agency is willing to consider evidence of implementer hesitation or inability to use the specs, if that arises.  However, we didn't believe we have received enough clear indication of problems, yet, to make the case at this time for removal or paring of the DHS license terms.

The issue still may come up, as your work continues to move out into the world, more broadly past the scrum of stakeholders who have been involved since MITRE.  So OASIS has reserved its right to re-raise the issue, if we encounter significant evidence of obstacles to widespread use.  For this round, though, the current versions 2.0 are released subject to the existing license terms and guidance noted last year. 

Thanks as always for your continuing contributions and hard work to make these projects, and the growing bases of code and threat-sharing parties that they support, a global cybersecurity success.

Kind regards 
Jamie Clark and Chet Ensign

James Bryce Clark, General Counsel
OASIS: Advancing open standards for the information society

OASIS+FIRST Borderless Cyber Prague:  j.mp/praguecybersec
EU Commission 2017 Plan for Open ICT Standards:  j.mp/EUstds2017
Cybersecurity standards at RSAc 2017:  j.mp/OASIS2017RSA

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]