Hi everyone,
As you probably know, one thing we as a TC are working as fast as we can towards is the release of our first CSD (Committee Specification Draft) of STIX 2.1. As you may recall, we plan on issuing
a series of CSDs until such point we are ready to release a CS (Committee Specification). A CSD is basically the first step towards the TC formalizing normative text for the things included in a release of STIX, and is also the start of our recently-balloted
TC process that includes sponsorship, implementation, and interoperability text.
At the same time, as we discuss the malware object, it s becoming clear that we still have some work to do on it. We want to make sure we get it right, and in particular to consider how it relates
to the Infrastructure object and other new SDOs planned for CSD02 and beyond.
This would do two things:
It would remove pressure on us to rush to solution on Malware and give us enough time to build more implementations, try out other approaches, and get it right. It allows us to move forward on all of the other objects and features already in the CSD: Internationalization, Confidence, Location, Opinion, Note, support for
mixed version content, and numerous other bug fixes and enhancements.
If this sounds good, we would immediately begin work to finalize the drafts to get us to a CSD01 ballot:
First, clean up any lingering issues in the current 2.1 text (including reverting Malware to what it was in 2.0) Next, release STIX 2.1 WD01 (the first STIX 2.1 working draft) for a 2 week TC review period Address comments, and rinse and repeat releasing working drafts for review until we have one that has no substantive changes. Open a ballot to approve CSD01.
Based on maybe 2 iterations of the working drafts, that would mean opening a CSD ballot in the August timeframe. Once that happens and the CSD is approved we can continue our work to get sponsors,
validate implementations, and write interoperability text.
In order to do this, I move that the TC approve by unanimous consent deferring Malware to a subsequent STIX 2.1 CSD and continuing with our CSD01 release process.
Thanks all,