OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [External] RE: [cti] Propose ITU STIX standard as agenda topic for next month


Jason,

 

Speaking for myself, I don’t think there are any “concerns” per sé, but more questions around process and what ITU standardization means for updates and additions to the spec over time.  Does acceptance and publication by ITU put any additional restrictions on things?  I am generally in favor, as this would open up broader acceptance of the TC standards for international use.  I just don’t know enough about the process to make a truly informed decision.

 

Best,

Rob

 

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of Jason Keirstead
Sent: Thursday, April 21, 2022 7:11 PM
To: Bret Jordan <bj@ctin.us>; Duncan Sparrell <duncan@sfractal.com>
Cc: cti@lists.oasis-open.org
Subject: [External] RE: [cti] Propose ITU STIX standard as agenda topic for next month

 

I just want to chime in that, for whatever it's worth,  I fully support this as well. 

 

Unfortunately I could not make the meeting so I am unclear what if any concerns were raised - and am somewhat surprised there are any ? - I am also interested in

hearing them be raised on the list, as soon as possible. 

 

 

--

Jason Keirstead

Distinguished Engineer, CTO - IBM Security Threat Management | www.ibm.com/security

Declare an Emergency: USA +1 888 241 9812, Global +1 312 212 8034

 

Assistant - Mauricio Durán Cambronero (mauduran@ibm.com)

See my calendar - https://ibm.biz/jkcalendar


Co-Chair - Open Cybersecurity Alliance, Project Governing Board

www.opencybersecurityalliance.org

 

 


From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Bret Jordan <bj@ctin.us>
Sent: Thursday, April 21, 2022, 4:46 p.m.
To: Duncan Sparrell <duncan@sfractal.com>
Cc: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
Subject: [EXTERNAL] Re: [cti] Propose ITU STIX standard as agenda topic for next month


I fully support this for both STIX 2.1 and TAXII 2.1. I was the one that originally floated the idea to the ITU-T SG17 Chair and the US and UK delegations. I still fully support this and would suggest that the TC vote on this so that it can ZjQcmQRYFpfptBannerStart

This Message Is From an External Sender

This message came from outside your organization.

ZjQcmQRYFpfptBannerEnd
I fully support this for both STIX 2.1 and TAXII 2.1. I was the one that originally floated the idea to the ITU-T SG17 Chair and the US and UK delegations. I still fully support this and would suggest that the TC vote on this so that it can be official. If there are any issues, as Duncan mentioned, please air them on the public mailing list so that they can be archived and documented. 

 

Thanks

Bret

 



On Apr 21, 2022, at 10:19 AM, duncan sfractal.com <duncan@sfractal.com> wrote:

 

I would like to propose that there be an agenda item on next month’s TC call to discuss whether CTI TC should liaison with ITU on making STIX 2.1 an ITU standard.

 

My understanding (as official OASIS Liaison to ITU SG17 and attending most SG17 meetings for last few years) is that ITU has sent OASIS several liaisons requesting this. My understanding (from discussion with OASIS legal counsel) is that it was inappropriate prior to STIX becoming an OASIS standard (ie TC committee spec is not appropriate, but OASIS standard is) and that had been the holdup in the past. OASIS formally responded to ITU with that fact and implied that once STIX 2.1 was approved as standard, that OASIS would then proceed with ITU standardization. STIX 2.1 is now an OASIS standard so that hurdle is removed. Today was the first I’d heard that there are other concerns. I would like those concerns aired (ideally via email prior to next month’s TC meeting) and a plan created to address them if possible so we at least know a proposed timeline on when we might proceed. Or to decide that ITU standardization is inappropriate if that is the will of the group (which I really hope it is not the case).

 

OASIS is proud that one of it’s advantages is that it has been a path to ITU standardization for many influential standards. In my opinion, ITU standardization would help address many of the issues brought up on today’s call with respect to increasing STIX awareness and adoption, and a more global reach for the TC.

 

Ditto everything above for TAXII but in the interest of one-step-at-a-time, I’ll settle for discussing STIX.

 

-- 

Duncan Sparrell

sFractal Consulting LLC

iPhone, iTypo, iApologize

I welcome VSRE emails. Learn more at http://vsre.info/

 

 




This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]