OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: For your consideration and the topic of Tuesday's working call


Dear CTI TC members -

As we approach the finish line on STIX 2.1, Rich and I, along with the
subcommittee co-chairs discussed the most effective approach to
finalizing the work effort. What follows is the proposal we developed,
but whether we adopt this approach is ultimately a TC decision. We
will be devoting the bulk of this weekâs Tuesday working call to an
open discussion around this proposal preparatory to presenting this
during Thursdayâs full TC calls.

The following list is in priority order and our goal is to tackle each
item in order as quickly as possible. In order to allow the TC to
focus our full attention on STIX 2.1, weâre also proposing to pause
TAXII 2.1 specification work for one month. We will re-examine that
decision next month and see if we feel that the TC has the cycles to
resume working on the TAXII specs.

Proposed CTI TC Roadmap for STIX 2.1 Completion
------------------------------------------------
1) Complete the ongoing SCO Integration into Main STIX 2.1 Documents:
  * SCO Integration
  * Grouping Object
  * Malware + Malware Analysis Objects
2) Publicize the revised draft specifications and ask for review by
   the TC.
3) Merge in revised Infrastructure SDO to STIX 2.1 (as discussed
   during the January F2F.)
4) Drive to consensus on the discussion thread about whether to permit
   UUIDv5 (in addition to UUIDv4) for all STIX Objects.
5) Resolve any remaining inconsistencies in the STIX 2.1
   specifications.
6) Issue a STIX 2.1 CSD02 for TC review.
7) The additions to CSD02 (SCO changes, Grouping, Malware, etc.) are
   validated to have interoperability tests defined and two or more
   sponsors attest to interoperable implementations, as per the
   process weâre using to validate Internationalization, Location,
   etc.
8) Review feedback from Sponsors based on their POC implementations.
9) In parallel with the sponsor vetting of STIX 2.1 CSD02, complete
   TAXII 2.1.
10) Update the interoperability test specs for STIX/TAXII 2.1 STIX
    Preferred.

Please give this some thoughtful consideration prior to this Tuesday's
TC working call and this Thursday's full TC call. Again, the TC
leadership at times makes considered recommendations to the community,
but ultimately the CTI TC decides as a community, not the TC and
subcommittee co-chairs.

If you have any questions, comments, or concerns, please raise them on
the list or privately with Richard and me.

With best regards,
Richard and Trey

-- 
Cheers,
Trey Darley
Co-chair, OASIS CTI TC
-- 
CERT.be
Centre for Cyber Security Belgium
Mail: trey.darley@cert.be
GPG: CA5B 29E4 937E 151E 2550  6607 AE9A 7FF2 8000 0E4E
-- 
Under the authority of the Prime Minister
Wetstraat 16 - 1000 Brussels - Belgium
Visiting address : Rue Ducale 4 â 1000 Brussels â Belgium
Contact: https://www.cert.be

Attachment: signature.asc
Description: PGP signature



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]