OASIS Cyber Threat Intelligence (CTI) TC

 View Only
Expand all | Collapse all

Re: [cti] More Github Repos

  • 1.  Re: [cti] More Github Repos

    Posted 09-01-2016 20:24
      |   view attached




    Recommendation:  Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.
     
    Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories.  However, making Version specific instantiations of the multitude of separate
    Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur).
     



    Patrick Maroney


    Office:  (856)983-0001


    Cell:      (609)841-5104



     





     


    President


    Integrated Networking Technologies, Inc.


    PO Box 569


    Marlton, NJ 08053
     

    From:
    "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of Bret Jordan <bret.jordan@bluecoat.com>
    Date: Thursday, September 1, 2016 at 2:09 PM
    To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: [cti] More Github Repos


     



    I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:
                                                  
    Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.  
    Initial Maintainers: Bret Jordan, John Wunder
    GitHub Name: cti-stix2
    Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work

    Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.  
    Initial Maintainers: Ivan Kirillov, Trey Darley
    GitHub Name: cti-cybox3
    Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work

    Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.  
    Initial Maintainers: Bret Jordan, Mark Davidson
    GitHub Name: cti-taxii2
    Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work

     








     


    Thanks,


     


    Bret



     


     


     



    Bret Jordan CISSP

    Director of Security Architecture and Standards Office of the CTO


    Blue Coat Systems



    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050


    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 









     








  • 2.  Re: [cti] More Github Repos

    Posted 09-01-2016 22:58
    I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation:  Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.   Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories.  However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur).   Patrick Maroney Office:  (856)983-0001 Cell:      (609)841-5104   <image001.png>   President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053   From:   cti@lists.oasis-open.org < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date:   Thursday, September 1, 2016 at 2:09 PM To:   cti@lists.oasis-open.org < cti@lists.oasis-open.org > Subject:   [cti] More Github Repos   I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:                                                Purpose Statement:   This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Bret Jordan, John Wunder GitHub Name:   cti-stix2 Short Description:   OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement:   This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Ivan Kirillov, Trey Darley GitHub Name:   cti-cybox3 Short Description:   OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement:   This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Bret Jordan, Mark Davidson GitHub Name:   cti-taxii2 Short Description:   OASIS Chartered Work Repository: Official repository for TAXII 2 work     Thanks,   Bret       Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.     Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail


  • 3.  Re: [cti] More Github Repos

    Posted 09-01-2016 23:05
    I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants.  Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well. Patrick Maroney President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org _____________________________ From: Jordan, Bret < bret.jordan@bluecoat.com > Sent: Thursday, September 1, 2016 6:58 PM Subject: Re: [cti] More Github Repos To: Patrick Maroney < pmaroney@specere.org > Cc: < cti@lists.oasis-open.org > I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."  On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation:  Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.   Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories.  However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur).   Patrick Maroney Office:  (856)983-0001 Cell:      (609)841-5104   <image001.png>   President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053   From:   " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date:   Thursday, September 1, 2016 at 2:09 PM To:   " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject:   [cti] More Github Repos   I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:                                                Purpose Statement:   This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Bret Jordan, John Wunder GitHub Name:   cti-stix2 Short Description:   OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement:   This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Ivan Kirillov, Trey Darley GitHub Name:   cti-cybox3 Short Description:   OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement:   This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Bret Jordan, Mark Davidson GitHub Name:   cti-taxii2 Short Description:   OASIS Chartered Work Repository: Official repository for TAXII 2 work     Thanks,   Bret       Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."   


  • 4.  Re: [cti] More Github Repos

    Posted 09-02-2016 12:11
    I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch... - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G From: Patrick Maroney <Pmaroney@Specere.org> To: "Jordan, Bret" <bret.jordan@bluecoat.com> Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Date: 09/01/2016 08:05 PM Subject: Re: [cti] More Github Repos Sent by: <cti@lists.oasis-open.org> I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well. Patrick Maroney President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org _____________________________ From: Jordan, Bret < bret.jordan@bluecoat.com > Sent: Thursday, September 1, 2016 6:58 PM Subject: Re: [cti] More Github Repos To: Patrick Maroney < pmaroney@specere.org > Cc: < cti@lists.oasis-open.org > I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
    On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions. Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur). Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 <image001.png> President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053 From: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date: Thursday, September 1, 2016 at 2:09 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [cti] More Github Repos I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information: Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, John Wunder GitHub Name: cti-stix2 Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Ivan Kirillov, Trey Darley GitHub Name: cti-cybox3 Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, Mark Davidson GitHub Name: cti-taxii2 Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."




  • 5.  Re: [cti] More Github Repos

    Posted 09-02-2016 12:29




    Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to
    distinguish from the “legacy” DHS/MITRE repositories.
     
    I’m fine either way.
     

    From:
    <cti@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
    Date: Friday, September 2, 2016 at 8:11 AM
    To: Patrick Maroney <Pmaroney@Specere.org>
    Cc: Bret Jordan <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: Re: [cti] More Github Repos


     



    I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch...


    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security www.securityintelligence.com

    Without data, all you are is just another person with an opinion - Unknown


    Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead
    for a single Open and Work Product repo for each of the 4 SCs and the use of G

    From: Patrick Maroney <Pmaroney@Specere.org>
    To: "Jordan, Bret" <bret.jordan@bluecoat.com>
    Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Date: 09/01/2016 08:05 PM
    Subject: Re: [cti] More Github Repos
    Sent by: <cti@lists.oasis-open.org>






    I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants,
    releases that will serve us well.

    Patrick Maroney
    President
    Integrated Networking Technologies, Inc.
    Desk: (856)983-0001
    Cell: (609)841-5104
    Email: pmaroney@specere.org

    _____________________________
    From: Jordan, Bret < bret.jordan@bluecoat.com >
    Sent: Thursday, September 1, 2016 6:58 PM
    Subject: Re: [cti] More Github Repos
    To: Patrick Maroney < pmaroney@specere.org >
    Cc: < cti@lists.oasis-open.org >


    I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point.


    Thanks,

    Bret



    Bret Jordan CISSP

    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

    On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org >
    wrote:

    Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.

    Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository
    will greatly complicate things long term (i.e., as new major releases occur).

    Patrick Maroney
    Office: (856)983-0001
    Cell: (609)841-5104

    <image001.png>

    President
    Integrated Networking Technologies, Inc.
    PO Box 569
    Marlton, NJ 08053

    From: " cti@lists.oasis-open.org "
    < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com >
    Date: Thursday, September 1, 2016 at 2:09 PM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] More Github Repos

    I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:

    Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.

    Initial Maintainers: Bret Jordan, John Wunder
    GitHub Name: cti-stix2
    Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work

    Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.

    Initial Maintainers: Ivan Kirillov, Trey Darley
    GitHub Name: cti-cybox3
    Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work

    Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.

    Initial Maintainers: Bret Jordan, Mark Davidson
    GitHub Name: cti-taxii2
    Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work


    Thanks,

    Bret



    Bret Jordan CISSP
    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."














  • 6.  RE: [cti] More Github Repos

    Posted 09-02-2016 13:03
    CybOX 3 is at least as fundamentally different from 2 as Python 3 is from 2. I don't think it would hurt for a single OASIS CybOX repository to be named CybOX3. But either way is fine.


  • 7.  Re: [cti] More Github Repos

    Posted 09-02-2016 13:40
    Well, here is where my head is at. While we have yet as a TC decided upon what our requirements are for "major version", we do know that at least one of those is breaking changes. Moving from STIX 1 to STIX 2 was a a huge breaking change, because we changed serialization formats - but the move from STIX 2 to STIX 3 may not be as drastic. If we go on the basis that it requires a breaking change, then simply making the decision to remove one of the TLOs may require a major revision change. It is unclear to me what the benefit would be to have to spin up a new Github repo every time we decide to remove a TLO. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown "Wunder, John A." ---09/02/2016 09:29:09 AM---Our thinking was just that if we ever have another major version release of (for example) STIX, it w From: "Wunder, John A." <jwunder@mitre.org> To: Jason Keirstead/CanEast/IBM@IBMCA, Patrick Maroney <Pmaroney@Specere.org> Cc: "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Date: 09/02/2016 09:29 AM Subject: Re: [cti] More Github Repos Sent by: <cti@lists.oasis-open.org> Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to distinguish from the “legacy” DHS/MITRE repositories. I’m fine either way. From: <cti@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com> Date: Friday, September 2, 2016 at 8:11 AM To: Patrick Maroney <Pmaroney@Specere.org> Cc: Bret Jordan <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Subject: Re: [cti] More Github Repos I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch... - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G From: Patrick Maroney <Pmaroney@Specere.org> To: "Jordan, Bret" <bret.jordan@bluecoat.com> Cc: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Date: 09/01/2016 08:05 PM Subject: Re: [cti] More Github Repos Sent by: <cti@lists.oasis-open.org> I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well. Patrick Maroney President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org _____________________________ From: Jordan, Bret < bret.jordan@bluecoat.com > Sent: Thursday, September 1, 2016 6:58 PM Subject: Re: [cti] More Github Repos To: Patrick Maroney < pmaroney@specere.org > Cc: < cti@lists.oasis-open.org > I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions. Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur). Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 <image001.png> President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053 From: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date: Thursday, September 1, 2016 at 2:09 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [cti] More Github Repos I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information: Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, John Wunder GitHub Name: cti-stix2 Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Ivan Kirillov, Trey Darley GitHub Name: cti-cybox3 Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, Mark Davidson GitHub Name: cti-taxii2 Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."




  • 8.  Re: [cti] More Github Repos

    Posted 09-02-2016 14:16
    You are right, we as the TC have not yet decided that.  In my mind I am kind of thinking that there will probably not be a STIX 3.0 for years if ever, and it would only come around if once again made super major structural changes.  In my mind deprecating a feature does not require a major change.  But we should talk about this and decide.  Bret Sent from my Commodore 64 On Sep 2, 2016, at 7:39 AM, Jason Keirstead < Jason.Keirstead@ca.ibm.com > wrote: Well, here is where my head is at. While we have yet as a TC decided upon what our requirements are for "major version", we do know that at least one of those is breaking changes. Moving from STIX 1 to STIX 2 was a a huge breaking change, because we changed serialization formats - but the move from STIX 2 to STIX 3 may not be as drastic. If we go on the basis that it requires a breaking change, then simply making the decision to remove one of the TLOs may require a major revision change. It is unclear to me what the benefit would be to have to spin up a new Github repo every time we decide to remove a TLO. - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown <graycol.gif> "Wunder, John A." ---09/02/2016 09:29:09 AM---Our thinking was just that if we ever have another major version release of (for example) STIX, it w From: "Wunder, John A." < jwunder@mitre.org > To: Jason Keirstead/CanEast/IBM@IBMCA, Patrick Maroney < Pmaroney@Specere.org > Cc: "Jordan, Bret" < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Date: 09/02/2016 09:29 AM Subject: Re: [cti] More Github Repos Sent by: < cti@lists.oasis-open.org > Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to distinguish from the “legacy” DHS/MITRE repositories. I’m fine either way. From: < cti@lists.oasis-open.org > on behalf of Jason Keirstead < Jason.Keirstead@ca.ibm.com > Date: Friday, September 2, 2016 at 8:11 AM To: Patrick Maroney < Pmaroney@Specere.org > Cc: Bret Jordan < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: Re: [cti] More Github Repos I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch... - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown <19434301.gif> Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G From: Patrick Maroney < Pmaroney@Specere.org > To: "Jordan, Bret" < bret.jordan@bluecoat.com > Cc: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Date: 09/01/2016 08:05 PM Subject: Re: [cti] More Github Repos Sent by: < cti@lists.oasis-open.org > I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well. Patrick Maroney President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org _____________________________ From: Jordan, Bret < bret.jordan@bluecoat.com > Sent: Thursday, September 1, 2016 6:58 PM Subject: Re: [cti] More Github Repos To: Patrick Maroney < pmaroney@specere.org > Cc: < cti@lists.oasis-open.org > I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions. Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur). Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 <image001.png> President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053 From: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date: Thursday, September 1, 2016 at 2:09 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [cti] More Github Repos I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information: Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, John Wunder GitHub Name: cti-stix2 Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Ivan Kirillov, Trey Darley GitHub Name: cti-cybox3 Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, Mark Davidson GitHub Name: cti-taxii2 Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


  • 9.  Re: [cti] More Github Repos

    Posted 09-02-2016 14:19
    I like the distinction it gives.  Keep in mind that the reason we are using these repos (the official specification ones) is not for the source control, but for the wiki and issue tracking.  Branching and Tagging and all of the other Git stuff is not what we are looking to use these repos for.   Bret  Sent from my Commodore 64 On Sep 2, 2016, at 6:29 AM, Wunder, John A. < jwunder@mitre.org > wrote: Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to distinguish from the “legacy” DHS/MITRE repositories.   I’m fine either way.   From: < cti@lists.oasis-open.org > on behalf of Jason Keirstead < Jason.Keirstead@ca.ibm.com > Date: Friday, September 2, 2016 at 8:11 AM To: Patrick Maroney < Pmaroney@Specere.org > Cc: Bret Jordan < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: Re: [cti] More Github Repos   I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch... - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown <image001.gif> Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G From: Patrick Maroney < Pmaroney@Specere.org > To: "Jordan, Bret" < bret.jordan@bluecoat.com > Cc: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Date: 09/01/2016 08:05 PM Subject: Re: [cti] More Github Repos Sent by: < cti@lists.oasis-open.org > I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well. Patrick Maroney President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email: pmaroney@specere.org _____________________________ From: Jordan, Bret < bret.jordan@bluecoat.com > Sent: Thursday, September 1, 2016 6:58 PM Subject: Re: [cti] More Github Repos To: Patrick Maroney < pmaroney@specere.org > Cc: < cti@lists.oasis-open.org > I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions. Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur). Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 <image001.png> President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053 From: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date: Thursday, September 1, 2016 at 2:09 PM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [cti] More Github Repos I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information: Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, John Wunder GitHub Name: cti-stix2 Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Ivan Kirillov, Trey Darley GitHub Name: cti-cybox3 Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications. Initial Maintainers: Bret Jordan, Mark Davidson GitHub Name: cti-taxii2 Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


  • 10.  Re: [cti] More Github Repos

    Posted 09-02-2016 14:25




    I would also say that presumably these new repos are not going to include the previous STIX 1/TAXII versions so technically they only will include 2.x and future revs. Not 1.x. If they
    are named without version I would expect all versions including 1.x.
     
    I have a slight preference for the number in the repos because it helps distinguish from the previous version that is very different as Bret says.

     
    Regarding major vs minor changes. I think the heart of the issue is not the number per se but what defines compatibility/interoperability. For example, introducing a new optional TLO may
    not break any implementation if those implementations don’t need to support that TLO. Whereas if the use case requires use of that TLO then they would obviously want to support that TLO and make sure they support the mandatory aspects including agreed behavior.

     
    I would rather we focus on defining what is required for compatibility and interoperability and less about the number of the spec.
     
    allan
     

    From:
    "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Jordan, Bret" <bret.jordan@bluecoat.com>
    Date: Friday, September 2, 2016 at 7:18 AM
    To: "Wunder, John" <jwunder@mitre.org>
    Cc: Jason Keirstead <Jason.Keirstead@ca.ibm.com>, Patrick Maroney <Pmaroney@Specere.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: Re: [cti] More Github Repos


     




    I like the distinction it gives.  Keep in mind that the reason we are using these repos (the official specification ones) is not for the source control, but for the wiki and issue tracking.  Branching and Tagging and all of the other Git
    stuff is not what we are looking to use these repos for.  


     


    Bret 

    Sent from my Commodore 64



    On Sep 2, 2016, at 6:29 AM, Wunder, John A. < jwunder@mitre.org > wrote:



    Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to
    distinguish from the “legacy” DHS/MITRE repositories.
     
    I’m fine either way.
     

    From:
    < cti@lists.oasis-open.org > on behalf of Jason Keirstead < Jason.Keirstead@ca.ibm.com >
    Date: Friday, September 2, 2016 at 8:11 AM
    To: Patrick Maroney < Pmaroney@Specere.org >
    Cc: Bret Jordan < bret.jordan@bluecoat.com >, " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: Re: [cti] More Github Repos


     



    I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 "stable" would just be a tag and/or branch...


    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security
    www.securityintelligence.com

    Without data, all you are is just another person with an opinion - Unknown


    <image001.gif> Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G

    From: Patrick Maroney < Pmaroney@Specere.org >
    To: "Jordan, Bret" < bret.jordan@bluecoat.com >
    Cc: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Date: 09/01/2016 08:05 PM
    Subject: Re: [cti] More Github Repos
    Sent by: < cti@lists.oasis-open.org >








    I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants,
    releases that will serve us well.

    Patrick Maroney
    President
    Integrated Networking Technologies, Inc.
    Desk: (856)983-0001
    Cell: (609)841-5104
    Email: pmaroney@specere.org

    _____________________________
    From: Jordan, Bret < bret.jordan@bluecoat.com >
    Sent: Thursday, September 1, 2016 6:58 PM
    Subject: Re: [cti] More Github Repos
    To: Patrick Maroney < pmaroney@specere.org >
    Cc: < cti@lists.oasis-open.org >


    I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point.


    Thanks,

    Bret



    Bret Jordan CISSP

    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."

    On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org >
    wrote:

    Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions.

    Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository
    will greatly complicate things long term (i.e., as new major releases occur).

    Patrick Maroney
    Office: (856)983-0001
    Cell: (609)841-5104

    <image001.png>

    President
    Integrated Networking Technologies, Inc.
    PO Box 569
    Marlton, NJ 08053

    From: " cti@lists.oasis-open.org "
    < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com >
    Date: Thursday, September 1, 2016 at 2:09 PM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] More Github Repos

    I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information:

    Purpose Statement: This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.

    Initial Maintainers: Bret Jordan, John Wunder
    GitHub Name: cti-stix2
    Short Description: OASIS Chartered Work Repository: Official repository for STIX 2 work

    Purpose Statement: This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.

    Initial Maintainers: Ivan Kirillov, Trey Darley
    GitHub Name: cti-cybox3
    Short Description: OASIS Chartered Work Repository: Official repository for CybOX 3 work

    Purpose Statement: This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.

    Initial Maintainers: Bret Jordan, Mark Davidson
    GitHub Name: cti-taxii2
    Short Description: OASIS Chartered Work Repository: Official repository for TAXII 2 work


    Thanks,

    Bret



    Bret Jordan CISSP
    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."



















  • 11.  Re: [cti] More Github Repos

    Posted 09-02-2016 15:50
    Well said, and I agree.  Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   On Sep 2, 2016, at 08:24, Allan Thomson < athomson@lookingglasscyber.com > wrote: I would also say that presumably these new repos are not going to include the previous STIX 1/TAXII versions so technically they only will include 2.x and future revs. Not 1.x. If they are named without version I would expect all versions including 1.x.   I have a slight preference for the number in the repos because it helps distinguish from the previous version that is very different as Bret says.   Regarding major vs minor changes. I think the heart of the issue is not the number per se but what defines compatibility/interoperability. For example, introducing a new optional TLO may not break any implementation if those implementations don’t need to support that TLO. Whereas if the use case requires use of that TLO then they would obviously want to support that TLO and make sure they support the mandatory aspects including agreed behavior.   I would rather we focus on defining what is required for compatibility and interoperability and less about the number of the spec.   allan   From:   cti@lists.oasis-open.org < cti@lists.oasis-open.org > on behalf of Jordan, Bret < bret.jordan@bluecoat.com > Date:   Friday, September 2, 2016 at 7:18 AM To:   Wunder, John < jwunder@mitre.org > Cc:   Jason Keirstead < Jason.Keirstead@ca.ibm.com >, Patrick Maroney < Pmaroney@Specere.org >, cti@lists.oasis-open.org < cti@lists.oasis-open.org > Subject:   Re: [cti] More Github Repos   I like the distinction it gives.  Keep in mind that the reason we are using these repos (the official specification ones) is not for the source control, but for the wiki and issue tracking.  Branching and Tagging and all of the other Git stuff is not what we are looking to use these repos for.     Bret  Sent from my Commodore 64 On Sep 2, 2016, at 6:29 AM, Wunder, John A. < jwunder@mitre.org > wrote: Our thinking was just that if we ever have another major version release of (for example) STIX, it would be due to very fundamental changes and we’d want a clean break. And of course to distinguish from the “legacy” DHS/MITRE repositories.   I’m fine either way.   From:   < cti@lists.oasis-open.org > on behalf of Jason Keirstead < Jason.Keirstead@ca.ibm.com > Date:   Friday, September 2, 2016 at 8:11 AM To:   Patrick Maroney < Pmaroney@Specere.org > Cc:   Bret Jordan < bret.jordan@bluecoat.com >, cti@lists.oasis-open.org < cti@lists.oasis-open.org > Subject:   Re: [cti] More Github Repos   I would say I agree with Patrick... I am not sure why we should put version numbers on the repo names. Versioning is part of Github. STIX 2 stable would just be a tag and/or branch... - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security     www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown   <image001.gif> Patrick Maroney ---09/01/2016 08:05:12 PM---I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of G From:   Patrick Maroney < Pmaroney@Specere.org > To:   Jordan, Bret < bret.jordan@bluecoat.com > Cc:   cti@lists.oasis-open.org < cti@lists.oasis-open.org > Date:   09/01/2016 08:05 PM Subject:   Re: [cti] More Github Repos Sent by:   < cti@lists.oasis-open.org > I would argue instead for a single Open and Work Product repo for each of the 4 SCs and the use of Github Branches for variants. Ultimately Github provides a number of very useful capabilities for managing workflow, variants, releases that will serve us well. Patrick Maroney President Integrated Networking Technologies, Inc. Desk: (856)983-0001 Cell: (609)841-5104 Email:   pmaroney@specere.org _____________________________ From: Jordan, Bret < bret.jordan@bluecoat.com > Sent: Thursday, September 1, 2016 6:58 PM Subject: Re: [cti] More Github Repos To: Patrick Maroney < pmaroney@specere.org > Cc: < cti@lists.oasis-open.org > I think major release numbers are okay... Since if we ever do a STIX 3, we will probably want to start fresh at that point. Thanks, Bret Bret Jordan CISSP   Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg. On Sep 1, 2016, at 14:24, Patrick Maroney < Pmaroney@Specere.org > wrote: Recommendation: Remove the version specific attributes from the requested Chartered Work and and Open Repository Names/Descriptions. Understand that we need to discriminate (for now) between the “Legacy” and “Next Generation” Github Repositories. However, making Version specific instantiations of the multitude of separate Chartered Work and and Open Repository will greatly complicate things long term (i.e., as new major releases occur). Patrick Maroney Office: (856)983-0001 Cell: (609)841-5104 <image001.png> President Integrated Networking Technologies, Inc. PO Box 569 Marlton, NJ 08053 From:   cti@lists.oasis-open.org < cti@lists.oasis-open.org > on behalf of Bret Jordan < bret.jordan@bluecoat.com > Date:   Thursday, September 1, 2016 at 2:09 PM To:   cti@lists.oasis-open.org < cti@lists.oasis-open.org > Subject:   [cti] More Github Repos I move that the TC approve the requesting of OASIS to set up the following OASIS Chartered Work Repository projects, stix2, cybox3, and taxii2 named cti-stix2, cti-cybox3 and cti-taxii2 using the following pieces of information: Purpose Statement:   This STIX repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Bret Jordan, John Wunder GitHub Name:   cti-stix2 Short Description:   OASIS Chartered Work Repository: Official repository for STIX 2 work Purpose Statement:   This CybOX repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Ivan Kirillov, Trey Darley GitHub Name:   cti-cybox3 Short Description:   OASIS Chartered Work Repository: Official repository for CybOX 3 work Purpose Statement:   This TAXII repository will contain official specification documents along with wikis and issues relating to the official specifications.   Initial Maintainers:   Bret Jordan, Mark Davidson GitHub Name:   cti-taxii2 Short Description:   OASIS Chartered Work Repository: Official repository for TAXII 2 work Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg. Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail