Subject: Re: [cti] RE: [EXT] Re: [cti] Possible Changes to Observed Data
On 16.08.2018 12:07:33, Kelley, Sarah E. wrote:
> Since the whole reason we're contemplating changing how observed
> data works is so that it fits for new use cases like malware and
> infrastructure, I'd like to suggest that we should hold off on
> making a decision on how to change observed data until we know that
> it will actually work with these new proposed objects. Since we
> pushed malware from CSD01, and infrastructure was never in it, I
> think we should hold off on making any changes to the observed data
> object until we can work through these objects at the same
> time. Otherwise we could wind up making changes now that ultimately
> will need to be changed again if they don't work for
> malware/infrastructure, etc.
>

That would be my preference, Sarah. We should back out the changes to Observed Data and issue draft-03.

As an editor, I understand the pressure to resolve comments and get drafts out for review promptly. However, Bret's suggested changes to Observed Data were accepted into draft-02 without being adequately discussed. (Neither Ivan Kirillov nor myself were consulted; as the Cyber Observable co-chairs, at the very least this should have happened.) In fact, we *should* have discussed this on a TC working call.

As you rightly point out, the TC needs to validate that these changes to Observed Data are adequate to address the needs of Malware and Infrastructure.

There are still a fair number of folks out on summer vacation. I recommend that we dedicate the entire working calls 11 & 18 September to discussing this with a larger audience. (The week of 03 September being US Labor Day holiday period, we'll likely have lower participation on the 04 September working call.)

As Ivan and I are the Cyber Observable co-chairs and as we led the work on Malware, we will happily lead this discussion.

If the TC elects to go this route, Ivan and I will work together with the TC membership to assemble a set of questions which will allow us to validate that the changes we make to Observed Data are fit-to-purpose for Malware and Infrastructure, and that they do not negatively impact STIX Patterning.

--
Cheers,
Trey
++--------------------------------------------------------------------------++
Director of Standards Development, New Context
gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
++--------------------------------------------------------------------------++
--
"You know you have achieved perfection in design, not when you have nothing more to add, but when you have nothing more to take away." --Antoine de Saint-Exupéry