Dear TC colleagues:
OASIS staff recommended to our Board of Directors that the need to have your versions 2.0 licensed and
"out there" outweighs our continuing concern about its unusual DHS license conditions, for now. The Board agreed and has approved the release of the CS documents, with a variance for our trademarks policy rule, as was done with versions 1.0. Our TC Admin staff is preparing the publication versions of the v2.0 Committee Specifications for posting.
In discussions with DHS, the original contributors of the input specs to OASIS, we did express our concern about the potential chilling effect of the nonstandard license terms, as we've previously discussed with the TC. The agency is willing to consider evidence of implementer hesitation or inability to use the specs, if that arises. However, we didn't believe we have received enough clear indication of problems, yet, to make the case at this time for removal or paring of the DHS license terms.
The issue still may come up, as your work continues to move out into the world, more broadly past the scrum of stakeholders who have been involved since MITRE. So OASIS has reserved its right to re-raise the issue, if we encounter significant evidence of obstacles to widespread use. For this round, though, the current versions 2.0 are released subject to the existing license terms and guidance noted last year.
Thanks as always for your continuing contributions and hard work to make these projects, and the growing bases of code and threat-sharing parties that they support, a global cybersecurity success.
Kind regards
Jamie Clark and Chet Ensign