OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Winds of change

    Posted 06-17-2021 14:44
    All,

    First off, I want to congratulate everyone on the amazing accomplishment of getting STIX 2.1 and TAXII 2.1 to be full OASIS standards. Over the past 6 years (May 2015 to June 2021) here at OASIS this TC has done an amazing amount of work, including producing, editing, and releasing eight specifications: STIX 1.2.1, TAXII 1.1.1, STIX 2.0, TAXII 2.0, Interop Part 1, Interop Part 2, STIX 2.1, and TAXII 2.1. That kind of cadence is just light speed compared to other formal standards.

    My journey with this work started in 2013 while at Solera Networks. I believe my first post to the then MITRE STIX Discussion list was on Mar 27, 2014 [1] when I shared my redrawn STIX diagram. I then followed that email with some 577 more emails before we went to OASIS. As some of you may remember, I was a strong proponent of moving to JSON back in those early days and started beating the drum at the end of 2014. I think my first JSON proposal for STIX was on Jan 21, 2015 [2] and I followed that up with starting a JSON binding spec for TAXII on March 04, 2015 [3]. But that was a long time ago and this TC has come a long way.

    In May 2015 we moved to OASIS and this TC took a chance on me and made me a Co-Chair on TAXII and an editor for both STIX and TAXII. Since then I have worked hard with the other editors to help deliver high quality documents that reflect TC wide consensus, are written in a common voice, are easy to follow and read, and have lots of examples. I remember at times in the STIX 2.0 days of having daily 3-4 hour editor calls with John Wunder and Rich Piazza for weeks on end as we tried to address hundreds of comments and suggestions each day.

    Then on a Tuesday in early February 2019 Allan Thomson and I met with Rich Struse and Trey Darley, our wonderful TC Chairs, as we discussed the issues and problems of getting STIX 2.1 and TAXII 2.1 done. I expressed my concerns and frustrations at our lack of velocity and progress. I remember telling Rich that I needed to either shut up, step up, or walk away. Through that discussion I decided to stay involved and made a personal commitment to Rich that I would do everything I could to help get STIX and TAXII 2.1 to the finish line. Then shortly after that time there was another change in TC leadership and this TC took another chance on me and made me Co-Chair for STIX as well.

    Over the last 8 years of being involved in this work, I have learned a lot. Cooperation, gaining consensus, bringing people together while not being divisive, listening and understanding other people's views, managing a massive project with hundreds of contributors, writing and compiling massive documents filled with prose and normative text are just some of what I have learned. Through this learning, I have made mistakes and said things I wished I could undo. I wish I would have treated everyone with more kindness and respect, and spent more time listening to your thoughts and ideas. To any of you that I have offended, I do apologize.

    I am so grateful that I was able to work on this project and that this TC trusted me to help. I now believe I have fulfilled my personal commitment to Rich and this TC, and as such I think it is time for me to step down and let someone else run with this work. I therefore respectfully request that you accept my resignation as Co-Chair of STIX, Chair of TAXII, editor of STIX, and editor of TAXII.

    This work could not have been done, nor could I have learned so much without all of you. I am truly thankful and grateful that I have been able to work with all of you over the past 8 years.

    Respectfully,

    Bret

    [1] - http://making-security-measurable.1364806.n2.nabble.com/STIX-Diagram-td7583044.html
    [2] - http://making-security-measurable.1364806.n2.nabble.com/STIX-JSON-Draft-Proposal-v0-1-td7585634.html
    [3] - http://making-security-measurable.1364806.n2.nabble.com/TAXII-TAXII-support-td7586234.html

  • 2.  Re: [cti] Winds of change

    Posted 06-17-2021 14:57
    Bret - I think I speak on behalf of everyone in the CTI TC when I say thank you for all of your hard work, dedication and focus. STIX and TAXII would simply not be where they are today if it weren't for all of your efforts. Perhaps most importantly, you have left us in a good place - with our major goals accomplished and a solid foundation for the next generation of TC leadership to build on. For me personally, I want to thank you for being tireless in the face of the mountain of work this TC has undertaken. We haven't always agreed and I've sometimes wished for different outcomes, but ultimately, as I stand back and gaze upon the work that we as a TC have done, I am proud of what we have done together as a team. You will be missed.

    Thanks,
    Rich

  • 3.  Re: [cti] Winds of change

    Posted 06-17-2021 17:24
    I agree with Rich. While I am nowhere near conversant in the details, I've seen the volume of emails and Slack chat, the meeting invitations and minutes, and ultimately the rounds of approvals and public reviews and publications that were the direct result. You managed one heck of a big ship here. I'd also like to note, for those who may not be aware, that while you were managing all *those* moving parts, you were also challenging OASIS to do better. You put forward suggestions and ideas and questions and worked with us on a host of changes that made things here simpler, cleaner, easier to understand and follow and this organization is better today as a direct result. And that is something I look forward to continuing to work on with you. Thanks Bret for all that you've done and continue to do.

    /chet

    --
    Chet Ensign
    Chief Technical Community Steward
    OASIS Open
    +1 201-341-1393
    chet.ensign@oasis-open.org
    www.oasis-open.org

  • 4.  Fwd: [cti] Winds of change

    Posted 06-17-2021 16:51
    [internal] No action needed, just noting Bret's moving-on message. Seems like a pretty good valedictory to me. Glad we made him a DC.

    Jamie
    James Bryce Clark, General Counsel, OASIS Open, setting the standard for open collaboration

    ---------- Forwarded message ---------
    From: Bret Jordan <bj@ctin.us>
    Date: Thu, Jun 17, 2021 at 7:43 AM
    Subject: [cti] Winds of change
    To: OASIS CTI TC Discussion List <cti@lists.oasis-open.org>

  • 5.  Re: [cti] Winds of change

    Posted 06-17-2021 17:39
    Bret - Your contributions to STIX and TAXII have made a significant impact to both standards and the industry that uses them. Thank you for collaboration, spirit, drive and intellect helping us make better standards. On a personal level, I have really appreciated your support and your guidance. We couldn't have done without you.

    Regards
    Allan