OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [EXT] Re: [cti] STIX 2.1 CSD02 Sponsorship?

That makes sense to me, Allan. Any other thoughts as to the âtypeâ of sponsorship for the below items?





From: <cti@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>
Date: Friday, August 9, 2019 at 11:25 AM
To: Ivan Kirillov <ikirillov@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [EXT] Re: [cti] STIX 2.1 CSD02 Sponsorship?


Ivan â I would suggest that the user of SCO as top-level objects just needs to be conceptually verified.


A couple of real-world examples might suffice.


  1. Malware SDO and/or Malware Analysis SDO referencing SCO artifacts
  2. Observed Data referencing SCO artifacts as part of a sighting/observed-data/indicator trifecta.


Those 2 examples might be good enough.


Allan Thomson

CTO (+1-408-331-6646)

LookingGlass Cyber Solutions


From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Kirillov, Ivan" <ikirillov@mitre.org>
Date: Friday, August 9, 2019 at 10:16 AM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] STIX 2.1 CSD02 Sponsorship?




Now that STIX 2.1 CSD02 is out the door, we can begin the sponsorship process. However, one of the questions that we (MITRE/DHS) have is with regards to the âtypeâ of sponsorship expected for each item â âfullâ (code + interop text) or just working code. If you recall from the last sponsorship period, certain things like confidence only required working code while others such as the Opinion & Note objects required interop text as well.


Hereâs the list of items for sponsorship, along with my own thoughts as to the type of sponsorship:


  • COA: full
  • Grouping: full
  • Infrastructure: full
  • Malware: full
  • Malware Analysis: full
  • SCOs as top-level objects: full â however, the level of detail on this one is quite open. Maybe different sponsors can choose different SCOs to cover?
  • SCO relationships: working code
  • Deterministic IDs: working code


Also, I would suggest that we donât formally start the sponsorship period until we get this question resolved, so that sponsors have a better understanding of what is expected.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]