My biggest concern with making these changes is that it feels like it might be a lot of change for a dot release. Like if someone is just looking for what has changed between 2.0 and 2.1 itâs going to be much harder to figure it out if
we totally rearrange where to find things in the docs. Iâm not opposed to the changes, but maybe this isnât the best time.
I also agree with Rich that this would take a considerable amount of time and thus potentially delay 2.1.
Thanks,
Sarah Kelley
Lead Cybersecurity Engineer, T8B2
Defensive Operations
The MITRE Corporation
703-983-6242
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
On Behalf Of Piazza, Rich
Sent: Monday, February 11, 2019 10:22 AM
To: Bret Jordan <Bret_Jordan@symantec.com>; cti@lists.oasis-open.org
Subject: [cti] Re: [EXT] [cti] Structural Changes to the STIX Docs
Iâm open to discussing these changes. I have to read thru the changes from the F2F, and I havenât had the time yet.
My initial comment is that I kinda like have the underlying objects (the SOOs) in a separate document. It helps make a clean separation of between
SDOs which are about the CTI information in the content, and SOOs which is more like metadata. On the other hand, I never understood why the Vocabularies werenât in Part 2.
I also see the common properties as metadata.
If Part 1 is all about metadata perhaps Part 3 could be merged in, since Part 3 is all about cyber observables metadata.
The custom sections on Part 1 and 3 do seem somewhat redundant.
I just want to state that if making these editorial changes would significantly delay the release of STIX 2.1, then I would suggest we defer this to 2.2.
From: <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Friday, February 8, 2019 at 5:02 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [EXT] [cti] Structural Changes to the STIX Docs
All,
As one of your editors on STIX, I would like to propose a few structural changes to the documents.
1) I would like to move all STIX objects to Part 2 and have the Common Properties be the first section in Part 2. Basically have a STIX Domain Objects section, a STIX Relationship Objects section,
and a STIX Other Objects section for the Bundle, Language Content, and Marking Definition.
2) I would like to see about merging Part 3 in to Part 1. The lines between them and the Chinese wall that we had between them, is fading fast.
3) I would like to have a common properties section in Part 4, as the first section. Basically all of the common properties for Cyber Observable Objects.
This would then leave us with 3 main parts + pattern instead of 4 + patterning
I would then like to change the definition of STIX Objects to include SDOs, SROs, SOOs, and SCOs. I think this will help people better understand what we are talking about and give us a better
way of referencing all of the parts.
Bret