OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [cti] STIX 2.1 CSD01

I support this.


From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Trey Darley
Sent: Thursday, July 12, 2018 5:18 PM
To: Kirillov, Ivan A. <ikirillov@mitre.org>
Cc: Wunder, John A. <jwunder@mitre.org>; cti@lists.oasis-open.org
Subject: Re: [cti] STIX 2.1 CSD01


I also support this motion.





On Thu, 12 Jul 2018 at 22:28, Kirillov, Ivan A. <ikirillov@mitre.org> wrote:

I second this motion.





From: <cti@lists.oasis-open.org> on behalf of John Wunder <jwunder@mitre.org>
Date: Thursday, July 12, 2018 at 2:17 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] STIX 2.1 CSD01


>>>Email originates from a non-MITRE system. Use caution.<<<

Hi everyone,


As you probably know, one thing we as a TC are working as fast as we can towards is the release of our first CSD (Committee Specification Draft) of STIX 2.1. As you may recall, we plan on issuing a series of CSDs until such point we are ready to release a CS (Committee Specification). A CSD is basically the first step towards the TC formalizing normative text for the things included in a release of STIX, and is also the start of our recently-balloted TC process that includes sponsorship, implementation, and interoperability text.


At the same time, as we discuss the malware object, itâs becoming clear that we still have some work to do on it. We want to make sure we get it right, and in particular to consider how it relates to the Infrastructure object and other new SDOs planned for CSD02 and beyond.


This would do two things:

  1. It would remove pressure on us to rush to solution on Malware and give us enough time to build more implementations, try out other approaches, and get it right.
  2. It allows us to move forward on all of the other objects and features already in the CSD: Internationalization, Confidence, Location, Opinion, Note, support for mixed version content, and numerous other bug fixes and enhancements.


If this sounds good, we would immediately begin work to finalize the drafts to get us to a CSD01 ballot:

  • First, clean up any lingering issues in the current 2.1 text (including reverting Malware to what it was in 2.0)
  • Next, release STIX 2.1 WD01 (the first STIX 2.1 working draft) for a 2 week TC review period
  • Address comments, and rinse and repeat releasing working drafts for review until we have one that has no substantive changes.
  • Open a ballot to approve CSD01.


Based on maybe 2 iterations of the working drafts, that would mean opening a CSD ballot in the August timeframe. Once that happens and the CSD is approved we can continue our work to get sponsors, validate implementations, and write interoperability text.


In order to do this, I move that the TC approve by unanimous consent deferring Malware to a subsequent STIX 2.1 CSD and continuing with our CSD01 release process.


Thanks all,



Sent from my CRM-114 Discriminator

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]