OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Recommendation on OASIS rule changes regarding TC charters

Hey, y'all -

As discussed during the January 2021 CTI TC member meeting, last July the OASIS
Board of Directors approved a revision of the Technical Committee (TC)
Process. The revised TC Process came into force effective 01 December
2020. Â1.10 ("TC Vitality") of that revised TC Process [1] requires that every
four years all OASIS Technical Committees review their charter and take one of
four actions:

    1) Continue with the current charter,
    2) Continue with a "clarified" charter (cannot expand the scope of the TC),
    3) Recharter the TC (necessary to expand the scope of the TC), or
    4) Close the TC.

Rich and I reviewed the revised process and the existing charter [2] and as
discussed in January, we believe that option #2 from the list above is the right
course of action for the moment. The current charter is a bit dated, making
references to things such as CybOX which are no longer parts of the standard and
therefore it makes sense to remove those. However, OASIS rules are quite clear
that while you can *shrink* the scope of a TC (e.g., to remove references to
CybOX) during a "clarification" of a charter, that any *expansions* in scope
requires a full re-chartering of the TC. The way OASIS defines rechartering
essentially requires the TC to be closed, and then re-opened under the new
charter, and then everyone must rejoin the new TC.

Given where we are right now, at long last just on the cusp of having STIX 2.1
and TAXII 2.1 as full OASIS Standards, we don't believe that it makes sense to
recharter the CTI TC - *at this moment*. Rich and I are firmly convinced that
there is a need for an extended conversation within the CTI TC about where we
want to go in the future. But now is not the time for that future-visioning,
"What do we want to work on next, and do we need to do a major re-chartering of
the TC in order to do these amazing things we want to do?" conversation. The
time for that conversation is *after* STIX 2.1 and TAXII 2.1 have reached full
OASIS Standard status this summer. And it is very likely that the TC would
benefit from having that conversation under fresh leadership.

Therefore we've revised the charter [3] in the spirit of "clarification". We
encourage you to review the proposed changes which we will be discussing during
this month's full TC calls. Once the TC has reached consensus on the contents of
the clarified charter, we'll ask OASIS to open the ballot to approve the

Please let us know if you have any questions or concerns.

[1]: https://www.oasis-open.org/policies-guidelines/tc-process-2017-05-26/#tcVitality
[2]: https://www.oasis-open.org/committees/cti/charter.php
[3]: https://docs.google.com/document/d/11dQqe0YhdY1byKF5f9FckvNUq2lrcr1EmzWLd8_oxvU/edit?usp=sharing


Trey & Rich

Trey Darley (he/him)
Co-chair, OASIS CTI TC
Systems and Security Architect, CERT.be
The main trouble with juggling is that the balls go where you throw them.
CERT.be / Centre for Cyber Security Belgium
Mail: trey.darley@cert.be
GPG: CA5B 29E4 937E 151E 2550  6607 AE9A 7FF2 8000 0E4E
Web: https://www.cert.be
Under the authority of the Prime Minister
rue de la Loi 16/Wetstraat 16, 1000 Brussels - Belgium

Attachment: signature.asc
Description: PGP signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]