It is an interesting idea. The Technical Committee as a whole must ultimately approve any work products that go forward in the OASIS process. That said, there is no reason why the TC could not adopt a 'Management SC' or 'Steering SC' or 'Coordinating SC' or something like that to help manage the workload and bring back concise questions and/or draft work products to the TC as a whole to discuss. Since all SCs are open to any members who want to join and since all SCs will have their own mailing list, that could be a way to keep traffic and discussion manageable. It hasn't been done before at least that I can think of but then again we don't have any TCs with over 100 enthusiastic members either...

On Fri, Jun 19, 2015 at 7:14 AM, Terry MacDonald <
terry.macdonald@threatloop.com > wrote:

Hi Jerome,

I believe the CTI TC is the 'one ring to rule them all' (sorry, watching Lord of the Rings right now on TV). I guess that's the mgmt committee you're referring to?

Cheers

Terry MacDonald STIX, TAXII, CybOX Consultant M: +61-407-203-026 E:
terry.macdonald@threatloop.com W:
www.threatloop.com Disclaimer: The opinions expressed within this email do not represent the sentiment of any other party except my own. My views do not necessarily reflect those of my employers.

On 19 June 2015 at 19:38, Jerome Athias <
athiasjerome@gmail.com > wrote:

While we'll probably come with multiple (sub) -Technical- Committees, I wonder if we should have a "Management Committee" on top of them? But maybe that's what is currently called TC in OASIS and why we have Subcommittees... (@Chet ?) (Sorry if it is just semantic...)

Best regards

2015-06-19 6:53 GMT+03:00 Jordan, Bret <
bret.jordan@bluecoat.com > :

After talking to several people I will withdraw my request to have version specific sub-committees.

Thanks,

Bret

Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Jun 18, 2015, at 19:57, Terry MacDonald <
terry.macdonald@threatloop.com > wrote:

Hi All,

I prefer the original sub-committee plan of separation into TAXII, STIX and CybOX sub-committees. In my opinion, the use of three sub-committees, each overseeing each individual standard continues the structure that has proven so effective over the last few years. Some people only care about STIX, others about TAXII, and having that separation means people only need to see discussions if they care about that particular standard. If they don't, then they can only participate in the sub-committees they care about.

I would be worried about splicing the subcommittees into version specific sub-sub-committees. I personally think that would dilute the discussions, and there would be the possibility of information being seen by the STIX v1.3 sub-sub-committee that would potentially be missed by the STIX v2.0 sub-sub-committee. I'm doubtful this would work.

In any case, the formation of the 2 sub-committees is already defined in our CTI TC Charter. From what I have read, changing this would result in us rechartering the TC (
https://www.oasis-open.org/policies-guidelines/tc-process#rechartering ), which is not something any of us want to see at this early stage.

Cheers

Terry MacDonald STIX, TAXII, CybOX Consultant M: +61-407-203-026 E:
terry.macdonald@threatloop.com W:
www.threatloop.com

On 19 June 2015 at 10:09, Patrick Maroney <
Pmaroney@specere.org > wrote:

STIX/CybOX/TAXII Veterans:

One good thing, folks: We now have the formal processes to end the discourse, after we've reasonably considered all views, cast our votes to establish overall community consensus, and then move on to the next set of challenges. I'm sure I'll "lose" more than I "win", but look forward to engaging with all of you, especially those who bring a diverse set of perspectives and knowledge to what we can now globally refer to as "our thing".

Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 Email:
pmaroney@specere.org From: <
cti@lists.oasis-open.org > on behalf of Peter Allor <
pallor@us.ibm.com > Date: Thursday, June 18, 2015 at 7:46 PM To: "
cti@lists.oasis-open.org " <
cti@lists.oasis-open.org > Subject: RE: [cti] STIX Subcommittee Nomination

Agreed. Note trimming addressees.

From: "Bush, Jonathan" <
jbush@dtcc.com > To: "'Barnum, Sean D.'" <
sbarnum@mitre.org >, Joep Gommers <
joep@intelworks.com >, "Jordan, Bret" <
bret.jordan@bluecoat.com >, "Aharon Chernin" <
achernin@soltra.com > Cc: "
tony@yaanatech.com " <
tony@yaanatech.com >, "
mona.magathan@usbank.com " <
mona.magathan@usbank.com >, "
cti@lists.oasis-open.org " <
cti@lists.oasis-open.org > Date: 06/18/2015 05:46 PM Subject: RE: [cti] STIX Subcommittee Nomination Sent by: <
cti@lists.oasis-open.org >

That I think makes more sense.

From:
cti@lists.oasis-open.org [ mailto:
cti@lists.oasis-open.org ] On Behalf Of Barnum, Sean D. Sent: Thursday, June 18, 2015 3:43 PM To: Joep Gommers; Jordan, Bret; Aharon Chernin Cc:
tony@yaanatech.com ;
mona.magathan@usbank.com ;
cti@lists.oasis-open.org Subject: Re: [cti] STIX Subcommittee Nomination

So, the typical way of doing this would be to have a single STIX SC with multiple work product efforts (e.g. STIX 1.x & STIX 2.0) underway with different editors and contributors. This provides the coordination and communication Aharon describes as well as the separate focus that Bret, et al, describe. This is true of almost all SDOs and I think still meets the objectives you are all conveying here.

sean

From: Joep Gommers <
joep@intelworks.com > Date: Thursday, June 18, 2015 at 3:33 PM To: "Jordan, Bret" <
bret.jordan@bluecoat.com >, Aharon Chernin <
achernin@soltra.com > Cc: "
tony@yaanatech.com " <
tony@yaanatech.com >, "
mona.magathan@usbank.com " <
mona.magathan@usbank.com >, "
cti@lists.oasis-open.org " <
cti@lists.oasis-open.org > Subject: Re: [cti] STIX Subcommittee Nomination

I can also see some advantage with regards to focus. Separate work stream with separate cadence, leadership expertise, etc might be helpful.

J-

From: "Jordan, Bret" <
bret.jordan@bluecoat.com > Date: Thursday, June 18, 2015 at 9:26 PM To: Aharon Chernin <
achernin@soltra.com > Cc: "
tony@yaanatech.com " <
tony@yaanatech.com >, "
mona.magathan@usbank.com " <
mona.magathan@usbank.com >, "
cti@lists.oasis-open.org " <
cti@lists.oasis-open.org > Subject: Re: [cti] STIX Subcommittee Nomination

The same people may be on both subcommittees. By breaking them up this allows each subcommittee to focus on different things. There are some people that will not care about STIX 1.3 and some that will not care about STIX 2.0

Thanks,

Bret

Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Jun 18, 2015, at 13:23, Aharon Chernin <
achernin@soltra.com > wrote:

I think a single STIX committee will ensure good communication between the folks working STIX 1.x and STIX 2.x. This may also improve interoperability between the two major releases.

Aharon Chernin CTO SOLTRA An FS-ISAC & DTCC Company 18301 Bermuda green Dr Tampa, fl 33647 813.470.2173
achernin@soltra.com www.soltra.com From:
cti@lists.oasis-open.org <
cti@lists.oasis-open.org > on behalf of Jordan, Bret <
bret.jordan@bluecoat.com > Sent: Thursday, June 18, 2015 3:20 PM To:
tony@yaanatech.com Cc:
mona.magathan@usbank.com ;
cti@lists.oasis-open.org Subject: Re: [cti] STIX Subcommittee Nomination

I am against the idea of creating a single STIX working group. STIX 1.3 and STIX 2.0 are two totally different animals and we do not want to bog one down to work on the other. I could see Aharon and Sean co-Chairing the STIX 1.3 sub committee. I would be good with that.

Thanks,

Bret

Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

On Jun 18, 2015, at 13:10, Tony Rutkowski <
tony@yaanatech.com > wrote:

Yaana seconds the proposal

On 2015-06-18 3:08 PM,
mona.magathan@usbank.com wrote:

Hi All,

I am submitting a proposal to create a STIX subcommittee and nominate Aharon Chernin & Sean Barnum as co-chairs

The STIX subcommittee will maintain and steer the future direction of the Structured Threat Information eXpression language.

Deliverables:

- Create a roadmap for STIX 1.x
- Maintain and enhance STIX 1.x as necessary
- Create a roadmap for STIX 2.x
- Design and create STIX 2.x
- STIX Documentation

Regards,

Mona Magathan Information Security Services U.S. Bank (206) 225.7519

-- ________________________________ Anthony Michael Rutkowski EVP, Industry Standards & Regulatory Affairs
tony@yaanatech.com +1 703 999 8270 ________________________________ Yaana Technologies LLC 542 Gibraltar Drive Milpitas CA 95035 USA

-- /chet ---------------- Chet Ensign Director of Standards Development and TC Administration OASIS: Advancing open standards for the information society
http://www.oasis-open.org Primary: +1 973-996-2298 Mobile: +1 201-341-1393