All,
Now that STIX 2.1 CSD02 is out the door, we can begin the sponsorship process. However, one of the questions that we (MITRE/DHS) have is with regards to the type of sponsorship expected for each item full
(code + interop text) or just working code. If you recall from the last sponsorship period, certain things like confidence only required working code while others such as the Opinion & Note objects required interop text as well.
Here s the list of items for sponsorship, along with my own thoughts as to the type of sponsorship:
COA: full Grouping: full Infrastructure: full Malware: full Malware Analysis: full SCOs as top-level objects: full however, the level of detail on this one is quite open. Maybe different sponsors can choose different SCOs to cover? SCO relationships: working code Deterministic IDs: working code
Also, I would suggest that we don t formally start the sponsorship period until we get this question resolved, so that sponsors have a better understanding of what is expected.
-Ivan