OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Updating the Extension Policy

Hi,

 

To support the creation and use of extensions for STIX 2.1, there is documentation of the policy, which was agreed upon by the TC this summer.  You can access this document here.

 

Additional issues related to this policy are now under discussion.  We would like a small group with interest in the extension policy, especially when it comes to validation of content that use extensions, to work on updating the policy document.  The following are some of the issues to be discussed:

 

  • What requirements should be adhered to for any validator implementation?
  • How are approved extension definitions expressed in a future STIX specification?
  • Should extensions based on external specifications and/or frameworks always remain extensions and not be an “official” part of the STIX specification (e.g., ATT&CK)?
  • Are there some requirements or best practices for creating a JSON schema for an extension definition – perhaps related to the requirements of a validator?

 

If you are interested in working on these issues, please contact me, so I can include you in a meeting invitation.

 

All the best,

 

                Rich

 

--

Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation

781-271-3760

––––––––––––––––––––––––––––––––––––

MITRE - Solving Problems for a Safer World™

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]