Agreed, the same motivation for wanting to do this for STIX applies to TAXII. Iâd also keep in mind that requiring sponsors and interop text makes it so that youâre not just evaluating technical feasibility (the implementation piece), youâre
also ensuring that thereâs defined use cases and a real scenario where it can be used (a concern discussed on the call). Itâs way easier to say yes to something new than to say no, so itâs important to have these checks in place to make sure we donât end up
with something overly broad again.
From: <firstname.lastname@example.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Tuesday, November 27, 2018 at 4:15 PM
To: "Kelley, Sarah E." <email@example.com>
Cc: "firstname.lastname@example.org" <email@example.com>
Subject: Re: [cti] TAXII definition of "Done"
I would also agree that TAXII features should also meet the STIX definition of "done" in order to be included in the spec.
Lead Architect - IBM Security Connect
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
From: "Kelley, Sarah E." <firstname.lastname@example.org>
To: "email@example.com" <firstname.lastname@example.org>
Date: 11/27/2018 04:56 PM
Subject: [cti] TAXII definition of "Done"
Sent by: <email@example.com>
As I mentioned on the working call today, we have imposed a very strict definition of âDoneâ for new features/objects in STIX, however, we have never agreed as a TC to impose the same rigorous standards to TAXII. Given the fact
that some of the issues that prompted us to implement this definition came about when people attempted to implement TAXII, it seems only logical to me that we would impose the same standards to both specifications.
As a reminder, the definition of âDoneâ for STIX includes:
Written specification text
Proof of concept code from at least two different developers/companies
Corresponding Interop tests
For some of the newer features in TAXII, namely TAXII query, it seems to make sense to me that it should be proved in code before we finalize it in the specification.
I wanted to bring this topic to the list and see what other people thought about this.
Lead Cybersecurity Engineer, T8B2
The MITRE Corporation
[attachment "image003.jpg" deleted by Jason Keirstead/CanEast/IBM]