[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: For your consideration and the topic of Tuesday's working call
Dear CTI TC members - As we approach the finish line on STIX 2.1, Rich and I, along with the subcommittee co-chairs discussed the most effective approach to finalizing the work effort. What follows is the proposal we developed, but whether we adopt this approach is ultimately a TC decision. We will be devoting the bulk of this weekâs Tuesday working call to an open discussion around this proposal preparatory to presenting this during Thursdayâs full TC calls. The following list is in priority order and our goal is to tackle each item in order as quickly as possible. In order to allow the TC to focus our full attention on STIX 2.1, weâre also proposing to pause TAXII 2.1 specification work for one month. We will re-examine that decision next month and see if we feel that the TC has the cycles to resume working on the TAXII specs. Proposed CTI TC Roadmap for STIX 2.1 Completion ------------------------------------------------ 1) Complete the ongoing SCO Integration into Main STIX 2.1 Documents: * SCO Integration * Grouping Object * Malware + Malware Analysis Objects 2) Publicize the revised draft specifications and ask for review by the TC. 3) Merge in revised Infrastructure SDO to STIX 2.1 (as discussed during the January F2F.) 4) Drive to consensus on the discussion thread about whether to permit UUIDv5 (in addition to UUIDv4) for all STIX Objects. 5) Resolve any remaining inconsistencies in the STIX 2.1 specifications. 6) Issue a STIX 2.1 CSD02 for TC review. 7) The additions to CSD02 (SCO changes, Grouping, Malware, etc.) are validated to have interoperability tests defined and two or more sponsors attest to interoperable implementations, as per the process weâre using to validate Internationalization, Location, etc. 8) Review feedback from Sponsors based on their POC implementations. 9) In parallel with the sponsor vetting of STIX 2.1 CSD02, complete TAXII 2.1. 10) Update the interoperability test specs for STIX/TAXII 2.1 STIX Preferred. Please give this some thoughtful consideration prior to this Tuesday's TC working call and this Thursday's full TC call. Again, the TC leadership at times makes considered recommendations to the community, but ultimately the CTI TC decides as a community, not the TC and subcommittee co-chairs. If you have any questions, comments, or concerns, please raise them on the list or privately with Richard and me. With best regards, Richard and Trey -- Cheers, Trey Darley Co-chair, OASIS CTI TC -- CERT.be Centre for Cyber Security Belgium Mail: trey.darley@cert.be GPG: CA5B 29E4 937E 151E 2550 6607 AE9A 7FF2 8000 0E4E -- Under the authority of the Prime Minister Wetstraat 16 - 1000 Brussels - Belgium Visiting address : Rue Ducale 4 â 1000 Brussels â Belgium Contact: https://www.cert.be
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]