OASIS Cyber Threat Intelligence (CTI) TC

 View Only

STIX 2.1 CSD02 Sponsorship?

  • 1.  STIX 2.1 CSD02 Sponsorship?

    Posted 08-09-2019 17:16




    All,
     
    Now that STIX 2.1 CSD02 is out the door, we can begin the sponsorship process. However, one of the questions that we (MITRE/DHS) have is with regards to the type of sponsorship expected for each item full
    (code + interop text) or just working code. If you recall from the last sponsorship period, certain things like confidence only required working code while others such as the Opinion & Note objects required interop text as well.
     
    Here s the list of items for sponsorship, along with my own thoughts as to the type of sponsorship:
     

    COA: full Grouping: full Infrastructure: full Malware: full Malware Analysis: full SCOs as top-level objects: full however, the level of detail on this one is quite open. Maybe different sponsors can choose different SCOs to cover? SCO relationships: working code Deterministic IDs: working code
     
    Also, I would suggest that we don t formally start the sponsorship period until we get this question resolved, so that sponsors have a better understanding of what is expected.
     
    -Ivan