I started going through this list today, but there are somethings in here that need further clarification about how much support we’ll aim to support
in each version of STIX. For example, I’d be happy to support a fairly simple identity object that specifies some simple information about Identity for STIX v2.0, but I wouldn’t necessarily support the full CIQ implementation of CIQ as part of the STIX v2.0
MVP.
In other words, some of these topics are potentially very large rabbit holes to do down, and yet if we start of with basic functionality then they
are achievable for STIX v2.0 first release.
Could we please change the headings in the table provided to be:
·
This release (2.0)
·
Future releases (2.x)
·
Not Required
This will allow people to say what they don’t want in there, and to understand that not having things now still means they will happen in the future.
Cheers
Terry MacDonald
Senior STIX Subject Matter Expert
SOLTRA An FS-ISAC and DTCC Company
+61 (407) 203 206
terry@soltra.com From:
cti-stix@lists.oasis-open.org [mailto:
cti-stix@lists.oasis-open.org]
On Behalf Of Wunder, John A.
Sent: Wednesday, 30 March 2016 3:23 AM
To:
cti-stix@lists.oasis-open.org Subject: [cti-stix] STIX MVP
Hey everyone,
On our working group call today, one of the things we talked through was nailing down topics for the STIX 2.0 MVP (minimally viable product). To get things started,
I put together the following notional checklist after looking at what was in STIX 1.2, our draft for 2.0, and the issue tracker:
https://docs.google.com/document/d/1yvqWaPPnPW-2NiVCLqzRszcx91ffMowfT5MmE9Nsy_w/edit# I have two requests for each of you:
Take a look through that list and make sure it looks complete. Are there any topics that we’ve talked about that I forgot? Keep in mind we don’t want to go into excruciating detail…high-level concepts
are MVP, not specific implementations. If you can think of any, suggest them either in the document or as a reply to this message. Also, if you don’t understand some of the rows let us know.
Looking through the items that are there, let us know whether you think we should cover them in STIX 2.0 and, if not, STIX 2.1 (i.e. Immediately schedule them for after the 2.0 release). I’d suggest
that rather than adding comments directly into the document you reply via e-mail…copy the table in and fill it out completely, give us a list of things you think MUST be in/out, or something in between. The editors will keep track of those comments and update
the numbers in the document as responses come in.
We’ll regroup on the working group call next week. Depending on how many responses we’ve gotten we can hopefully make progress towards marking things definitely
yes or definitely no, then talk about the things in the middle. What we discussed on the call is that we’ll get to some rough consensus on a final checklist that we can have an official ballot on.
John
PS: As I finished typing this up I realized that both STIX co-chairs are out so I’m kind of out on a limb here. Sean and Aharon may have other ideas when they get
back, but minimally this approach seems to make sense for the time being to get us all on the same page even if they have a different path towards solidifying it.