OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Adding an Incident SDO stub to 2.1

The editors would like to propose an addition to the specification, suggested by Paul Patrick.


Many in the community have commented about the lack of an Incident SDO in STIX 2.1.  This has caused them to define their own, as a custom object.  With the inclusion of the STIX extension facility into the specification, it has been suggested that the 2.1 spec includes a âstubâ for Incident.  This âstubâ would act as a placeholder, from which the members of the community could base the extensions for their Incident content.  The text added to the specification to define the Incident SDO would be minimal â similar to the stub for the Course of Action. 


Please respond if you feel this addition to the specification should not happen.  If there is any objections, we can discuss them on the next weekâs call.


                Rich P.



Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation








[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]