OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [EXT] Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC

Hi All,

 

Thanks Alan.  Yes, the CTI TC working group has been working on a document to describe all things “Extension Definitions”.  The document has been greatly expanded since its initial release (version 1.0).  It is available at https://docs.google.com/document/d/1cGAQy93KuYZAgYUbzSomU_WIeDSUP4H7OVwbaBX5Szc, for your reading pleasure and review.  We hope to release version 1.1 by the end of the month.

 

                Rich

 

--

Rich Piazza

Lead Cyber Security Engineer

The MITRE Corporation

781-271-3760

––––––––––––––––––––––––––––––––––––

MITRE - Solving Problems for a Safer World™

 

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of aa tt <atcyber1000@gmail.com>
Date: Friday, February 3, 2023 at 6:26 PM
To: Chet Ensign <chet.ensign@oasis-open.org>
Cc: Jason Keirstead <jason.keirstead@ca.ibm.com>, Alexandre Dulaunoy <alexandre.dulaunoy@circl.lu>, Bret Jordan <jordan.oasisopen@gmail.com>, Kelly Cullinane <kelly.cullinane@oasis-open.org>, cti <cti@lists.oasis-open.org>
Subject: [EXT] Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC

Chet - The SEP pointer you provided looks really old and obsolete.

 

I know that Rich Piazza and others were working on guidance for the STIX extension mechanisms introduced into STIX2.1 and best practices/process where people can define/develop their own…etc. 

 

I suggest folks familiarize themselves with STIX extensions. It’s very comprehensive on adding new SDOs, SROs, SCOs, and all the way down to individual attributes on existing SDOs/SCOs/SROs. I honestly can’t imagine a single new thing on top of STIX that wouldn’t be covered by the extension framework that we added.

 

Just need to create the open community around it. And that’s what I thought the TC developed with the best practice doc that I’m thinking of, that Rich helped publish.

 

Allan



On Feb 3, 2023, at 12:13 PM, Chet Ensign <chet.ensign@oasis-open.org> wrote:

 

Hi Allan, Jason, Alexandre, 

 

I missed this exchange somehow. Just finding it now. Here are some observations. 

 

Jason, you are correct. Only CTI TC members can participate in the making of the standard. We do allow TCs to use GitHub as a version control option but they have to treat it the same as if they were using SVN. That is, only TC members can make pull requests, etc. Any PRs or changes posed by non-members must be rejected. Those are set up in https://github.com/oasis-tcs. The CTI TC has 3 repos there. 

 

It isn't exactly correct to say the general public only gets to see work when it goes out for public review. Working drafts, regardless of where they are created, are publicly visible if someone wants to poke around. But that's just looking; they can't provide feedback unless they go through the cti-comment@ mailing list to confirm they'll abide by the ipr mode of the TC. 

 

TCs can spin off open source projects on https://github.com/oasis-open/. Those are not intended to be used for spec development but rather for related work. Those are handled under open source licenses and individual and entity CLAs are required from contributors before any pull requests can be approved. The CTI TC has started 18 of those (see https://github.com/orgs/oasis-open/repositories?language=&q=cti&sort=&type=all) and Allan, I believe the one you mean is cti-sep-repository (https://github.com/oasis-open/cti-sep-repository) for hosting STIX enhancement proposals. It hasn't been active in several years but it is still in place. 

 

Again, though - this is not a way to get around the requirement for membership in the TC in order to participate in developing the spec. It is a way for people to propose extensions governed by FOSS licensure, CLAs and non-assertion covenants. Work done in that repo could, in theory, be contributed to the TC but it would have to be done by a TC member who would state that they had the rights to make the contribution.

 

Let me know if this clarifies or confuses! 

 

/chet

 

On Fri, Feb 3, 2023 at 11:42 AM aa tt <atcyber1000@gmail.com> wrote:

Agreed with the raised concerns about IP problems introduced by moving away from the closed-to-non-member contribution process currently at OASIS.

 

That said, this was exactly why the extension model was introduced into STIX2.1 so facilitate open collaboration/contributions outside of the “standard” process so that like-minded vendors/org…etc could work on new things together that they required on top of the base STIX 2.1 standard. The extension mechanism should and is open-source by its nature. It already supports what Alexandre is suggesting but could be improved in terms of understanding/awareness and activities in that area. Clearly it’s not well-understood in the community that we already have the basis for what Alexandre wants. This was the whole point of what we did with extensions and how to extend the standard WITHOUT having to get involved as a member in OASIS or in the TC per se.

 

I suggest people consider this before changing the fundamentals of OASIS TC workings. It’s not required. Just use the extensions mechanisms in GitHub and create an active community around that and you get what Alexandre wants.

 

Regards

 

allan

 



On Feb 3, 2023, at 6:12 AM, Jason Keirstead <jason.keirstead@ca.ibm.com> wrote:

 

It would be good for Chet to weigh in on some of those, because I am not sure it is possible to move the TC process to Git unless it is transitioned entirely from a TC into an OASIS Open Project.

The IP rules around TCs mean that only TC members can participate in the development of the standard, the general public only sees it when calls for comment go out and/or when a work product is published – they don’t get to participate in the interim work product because it would invite submarine patents due to tainted IP. The OASIS OP processes that require a CLA to submit a PR to Github are what protects that.

 

-
Jason Keirstead
Distinguished Engineer, CTO - IBM Security Threat Management | www.ibm.com/security

 

Assistant - Mauricio Durán Cambronero (mauduran@ibm.com)

Co-Chair - Open Cybersecurity Alliance, Project Governing Board

www.opencybersecurityalliance.org

 

 

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Alexandre Dulaunoy <alexandre.dulaunoy@x.circl.lu>
Date: Friday, February 3, 2023 at 4:22 AM
To: Bret Jordan <jordan.oasisopen@gmail.com>
Cc: Alexandre Dulaunoy <alexandre.dulaunoy@circl.lu>, Kelly Cullinane <kelly.cullinane@oasis-open.org>, cti <cti@lists.oasis-open.org>, Chet Ensign <chet.ensign@oasis-open.org>
Subject: [EXTERNAL] Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC

Dear Bret,

Thank you for your questions.

To answer your first question, my vision of the TC is to have a more open, asynchronous[1] and contributive environment.

If I have to name three things to be changed, I'm thinking of the following ones:

- Move the processes of the CTI TC into an open source process with a git repository acting as the primary source
- Publish requests for changes, updates or improvements of the standard in the git repository via pull-requests
- Remove the online meeting attendance requirements in order to maintain voting rights

The sub-groups/sub-committees strategy is working quite well but might need some updates to open the contributions from
different organisations using the standards and willing to take part of its improvement.

I really hope the CTI TC is moving forward in a community-driven model bringing values to all vendors and software developers by using
the standard and being able to provide their improvements in a timely manner.

Kind regards

[1] Meaning allowing all participants in different TZ/regions to contribute without having to get up in the middle of the night ;-)

--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
122, rue Adolphe Fischer - L-1521 Luxembourg
info@circl.lu - www.circl.lu - (+352) 247 88444

----- Original Message -----
From: "Bret Jordan" <jordan.oasisopen@gmail.com>
To: "Alexandre Dulaunoy" <alexandre.dulaunoy@circl.lu>
Cc: "Kelly Cullinane" <kelly.cullinane@oasis-open.org>, "cti" <cti@lists.oasis-open.org>, "Chet Ensign" <chet.ensign@oasis-open.org>
Sent: Thursday, 2 February, 2023 21:19:52
Subject: Re: [cti] Inviting nominations for Chair of Cyber Threat Intelligence (CTI) TC

Alexandre,

I would like to ask a few questions..

1) What is your vision and plan for the CTI TC?
2) What are the top three things that should be changed?
3) What are the things that are going well that you would like to see
continue?
4) In your view, what does the CTI TC look like in 3-5 years?

Bret


On Wed, Feb 1, 2023 at 3:50 AM Alexandre Dulaunoy <
alexandre.dulaunoy@x.circl.lu> wrote:

> Dear TC members, Dear Kelly,
>
> Thank you for your invitation.
>
> I would like to express my interest in becoming a Co-Chair candidate for
> the Cyber Threat Intelligence (CTI) TC.
>
> I have been leading the CIRCL (Computer Incident Response Center
> Luxembourg) team for the past 13 years
> and I'm additionally co-leading multiple open source projects/communities
> such as MISP and the MISP standard.
>
> What I could bring to the table as TC co-chair, would be my experience in
> both standard development as well
> as its application in real world scenarios and tooling.
>
> Cheers
>
> --
> Alexandre Dulaunoy
> CIRCL - Computer Incident Response Center Luxembourg
> 122, rue Adolphe Fischer - L-1521 Luxembourg
> info@circl.lu - www.circl.lu - (+352) 247 88444
>
> ----- Original Message -----
> From: "Kelly Cullinane" <kelly.cullinane@oasis-open.org>
> To: "cti" <cti@lists.oasis-open.org>
> Cc: "Chet Ensign" <chet.ensign@oasis-open.org>
> Sent: Wednesday, 1 February, 2023 01:00:00
> Subject: [cti] Inviting nominations for Chair of Cyber Threat Intelligence
> (CTI) TC
>
> To all members of the Cyber Threat Intelligence (CTI) TC:
>
>
> Due to the recent vacancy of both Co-Chair positions, the CTI TC is calling
> for nominations for new Chair/Co-Chairs. If you are interested in serving
> as a Chair or in nominating another individual for the position of Chair,
> you are welcome to make that candidacy known by posting a note to the TC's
> e-mail list expressing your interest and/or intent along with a brief
> statement of your or their qualifications.
>
>
> The call for nominations will be open for 7 days and close at 11:59pm UTC
> on 07 February 2023. The TC Administrator will then open a ballot for all
> eligible members to vote. Please be aware that only TC members with voting
> rights will be eligible to vote for the chair/co-chairs.
>
>
> Thank you,
> Kelly Cullinane
>
>
> --
>
> Kelly Cullinane
>
> Technical Community Program Steward
>
> OASIS Open
>
> +1-903-241-6063
> *kelly.cullinane@oasis-open.org <kelly.cullinane@oasis-open.org>*
> www.oasis-open.org
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 

 


 

--

Image removed by sender.

Chet Ensign

Chief Technical Community Steward

OASIS Open

 

 

 

Image removed by sender.

+1 201-341-1393

Image removed by sender.

chet.ensign@oasis-open.org

Image removed by sender.

www.oasis-open.org

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]