CTI STIX Subcommittee

  • 1.  Spec Version

    Posted 06-28-2018 20:47
    All, For STIX 2.1 the TC decided to add a "spec_version" property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to "stix_version" instead of "spec_version".  I feel like "stix_version" might make it more clear what we are referring to, especially for non-native english speakers. In STIX 2.0 we had "spec_version" on the Bundle, however, that has been removed from the Bundle in STIX 2.1. I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english. Bret  


  • 2.  RE: Spec Version

    Posted 06-29-2018 13:02
    Like the idea, agree that stix_version would be clearer. -G   From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> On Behalf Of Bret Jordan Sent: Thursday, June 28, 2018 4:47 PM To: cti-stix@lists.oasis-open.org Subject: [Non-DoD Source] [cti-stix] Spec Version   All,   For STIX 2.1 the TC decided to add a "spec_version" property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to "stix_version" instead of "spec_version".  I feel like "stix_version" might make it more clear what we are referring to, especially for non-native english speakers.   In STIX 2.0 we had "spec_version" on the Bundle, however, that has been removed from the Bundle in STIX 2.1.   I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english.   Bret     Attachment: smime.p7s Description: S/MIME cryptographic signature


  • 3.  Re: [cti-stix] RE: Spec Version

    Posted 06-29-2018 13:14
    The problem I have with this is, if we make this change, then either - We make the same change to the bundle object, which is then a breaking change - We don't make the same change to the bundle object, and now we have two fields with different names communicating the same thing This to me is an arbitrary reason to make a breaking change. There are *a lot* of field names in STIX that are not going to make sense to a non-english speaker. - Jason Keirstead Lead Architect - IBM Security Cloud www.ibm.com/security "Things may come to those who wait, but only the things left by those who hustle." - Unknown From:         "Katz, Gary CTR DC3/TSD" <Gary.Katz.ctr@dc3.mil> To:         Bret Jordan <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org> Date:         06/29/2018 10:01 AM Subject:         [cti-stix] RE: Spec Version Sent by:         <cti-stix@lists.oasis-open.org> Like the idea, agree that stix_version would be clearer. -G   From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> On Behalf Of Bret Jordan Sent: Thursday, June 28, 2018 4:47 PM To: cti-stix@lists.oasis-open.org Subject: [Non-DoD Source] [cti-stix] Spec Version   All,   For STIX 2.1 the TC decided to add a "spec_version" property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to "stix_version" instead of "spec_version".  I feel like "stix_version" might make it more clear what we are referring to, especially for non-native english speakers.   In STIX 2.0 we had "spec_version" on the Bundle, however, that has been removed from the Bundle in STIX 2.1.   I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english.   Bret    


  • 4.  Re: [cti-stix] RE: Spec Version

    Posted 06-29-2018 13:17




    I agree with Jason, this seems rather arbitrary to me. If we really care about making STIX useful to non-English speakers, we should encourage translation of the specifications into other languages.
     
    Regards,
    Ivan
     

    From: <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
    Date: Friday, June 29, 2018 at 7:14 AM
    To: "Katz, Gary" <gary.katz.ctr@dc3.mil>
    Cc: Bret Jordan <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
    Subject: Re: [cti-stix] RE: Spec Version


     

    The problem I have with this is, if we make this change, then either

    - We make the same change to the bundle object, which is then a breaking change

    - We don't make the same change to the bundle object, and now we have two fields with different names communicating the same thing

    This to me is an arbitrary reason to make a breaking change. There are *a lot* of field names in STIX that are not going to make sense to a non-english speaker.


    -
    Jason Keirstead
    Lead Architect - IBM Security Cloud
    www.ibm.com/security

    "Things may come to those who wait, but only the things left by those who hustle." - Unknown





    From:         "Katz, Gary CTR DC3/TSD" <Gary.Katz.ctr@dc3.mil>
    To:         Bret Jordan <Bret_Jordan@symantec.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
    Date:         06/29/2018 10:01 AM
    Subject:         [cti-stix] RE: Spec Version
    Sent by:         <cti-stix@lists.oasis-open.org>






    Like the idea, agree that stix_version would be clearer.
    -G
     
    From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org>
    On Behalf Of Bret Jordan
    Sent: Thursday, June 28, 2018 4:47 PM
    To: cti-stix@lists.oasis-open.org
    Subject: [Non-DoD Source] [cti-stix] Spec Version
     
    All,
     
    For STIX 2.1 the TC decided to add a "spec_version" property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to "stix_version" instead
    of "spec_version".  I feel like "stix_version" might make it more clear what we are referring to, especially for non-native english speakers.
     
    In STIX 2.0 we had "spec_version" on the Bundle, however, that has been removed from the Bundle in STIX 2.1.
     
    I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english.
     
    Bret  
     










  • 5.  RE: [cti-stix] RE: Spec Version

    Posted 06-29-2018 13:30
      |   view attached
    Just to be clear, the breaking change has already been made. As Bret pointed out, we have actually removed the “spec_version” field from bundle for STIX 2.1. There would be no conflict now if we chose to call it “stix_version”.   That being said, I’m ambivalent. It doesn’t matter to me one way or the other. As such, I think it’s probably easier to just keep it the same (aka call it “spec_version”).       Sarah Kelley Lead Cybersecurity Engineer, T8B2 Defensive Operations The MITRE Corporation 703-983-6242 skelley@mitre.org   From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jason Keirstead Sent: Friday, June 29, 2018 9:14 AM To: Katz, Gary <gary.katz.ctr@dc3.mil> Cc: Bret Jordan <Bret_Jordan@symantec.com>; cti-stix@lists.oasis-open.org Subject: Re: [cti-stix] RE: Spec Version   The problem I have with this is, if we make this change, then either - We make the same change to the bundle object, which is then a breaking change - We don't make the same change to the bundle object, and now we have two fields with different names communicating the same thing This to me is an arbitrary reason to make a breaking change. There are *a lot* of field names in STIX that are not going to make sense to a non-english speaker. - Jason Keirstead Lead Architect - IBM Security Cloud www.ibm.com/security "Things may come to those who wait, but only the things left by those who hustle." - Unknown From:         "Katz, Gary CTR DC3/TSD" < Gary.Katz.ctr@dc3.mil > To:         Bret Jordan < Bret_Jordan@symantec.com >, " cti-stix@lists.oasis-open.org " < cti-stix@lists.oasis-open.org > Date:         06/29/2018 10:01 AM Subject:         [cti-stix] RE: Spec Version Sent by:         < cti-stix@lists.oasis-open.org > Like the idea, agree that stix_version would be clearer. -G   From: cti-stix@lists.oasis-open.org < cti-stix@lists.oasis-open.org > On Behalf Of Bret Jordan Sent: Thursday, June 28, 2018 4:47 PM To: cti-stix@lists.oasis-open.org Subject: [Non-DoD Source] [cti-stix] Spec Version   All,   For STIX 2.1 the TC decided to add a "spec_version" property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to "stix_version" instead of "spec_version".  I feel like "stix_version" might make it more clear what we are referring to, especially for non-native english speakers.   In STIX 2.0 we had "spec_version" on the Bundle, however, that has been removed from the Bundle in STIX 2.1.   I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english.   Bret    


  • 6.  Re: [cti-stix] RE: Spec Version

    Posted 06-29-2018 19:28
      |   view attached
    I tend to agree that this changes is not necessary but Bret's original question to the list was to non-english speaking individuals that are on the TC list. Allan Thomson, CTO,  Lookingglass Cyber Solutions This electronic message transmission contains information from LookingGlass Cyber Solutions, Inc. which may be attorney-client privileged, proprietary and/or confidential. The information in this message is intended only for use by the individual(s) to whom it is addressed.  If you believe that you have received this message in error, please contact the sender, delete this message, and be aware that any review, use, disclosure, copying or distribution of the contents contained within is strictly prohibited. From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Kelley, Sarah E. <skelley@mitre.org> Sent: Friday, June 29, 2018 9:29 PM To: cti-stix@lists.oasis-open.org Subject: RE: [cti-stix] RE: Spec Version   Just to be clear, the breaking change has already been made. As Bret pointed out, we have actually removed the “spec_version” field from bundle for STIX 2.1. There would be no conflict now if we chose to call it “stix_version”.   That being said, I’m ambivalent. It doesn’t matter to me one way or the other. As such, I think it’s probably easier to just keep it the same (aka call it “spec_version”).       Sarah Kelley Lead Cybersecurity Engineer, T8B2 Defensive Operations The MITRE Corporation 703-983-6242 skelley@mitre.org   From: cti-stix@lists.oasis-open.org [mailto:cti-stix@lists.oasis-open.org] On Behalf Of Jason Keirstead Sent: Friday, June 29, 2018 9:14 AM To: Katz, Gary <gary.katz.ctr@dc3.mil> Cc: Bret Jordan <Bret_Jordan@symantec.com>; cti-stix@lists.oasis-open.org Subject: Re: [cti-stix] RE: Spec Version   The problem I have with this is, if we make this change, then either - We make the same change to the bundle object, which is then a breaking change - We don't make the same change to the bundle object, and now we have two fields with different names communicating the same thing This to me is an arbitrary reason to make a breaking change. There are *a lot* of field names in STIX that are not going to make sense to a non-english speaker. - Jason Keirstead Lead Architect - IBM Security Cloud www.ibm.com/security "Things may come to those who wait, but only the things left by those who hustle." - Unknown From:         "Katz, Gary CTR DC3/TSD" < Gary.Katz.ctr@dc3.mil > To:         Bret Jordan < Bret_Jordan@symantec.com >, " cti-stix@lists.oasis-open.org " < cti-stix@lists.oasis-open.org > Date:         06/29/2018 10:01 AM Subject:         [cti-stix] RE: Spec Version Sent by:         < cti-stix@lists.oasis-open.org > Like the idea, agree that stix_version would be clearer. -G   From: cti-stix@lists.oasis-open.org < cti-stix@lists.oasis-open.org > On Behalf Of Bret Jordan Sent: Thursday, June 28, 2018 4:47 PM To: cti-stix@lists.oasis-open.org Subject: [Non-DoD Source] [cti-stix] Spec Version   All,   For STIX 2.1 the TC decided to add a "spec_version" property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to "stix_version" instead of "spec_version".  I feel like "stix_version" might make it more clear what we are referring to, especially for non-native english speakers.   In STIX 2.0 we had "spec_version" on the Bundle, however, that has been removed from the Bundle in STIX 2.1.   I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english.   Bret    


  • 7.  Re: [cti-stix] Spec Version

    Posted 07-01-2018 15:57
    I think it needs to stay `spec_version`. The spec modifier is useful clarification, even for native English speakers, that we’re referring the specification version versus a version of the STIX object. On Jun 28, 2018, at 10:47 PM, Bret Jordan < Bret_Jordan@symantec.com > wrote: All, For STIX 2.1 the TC decided to add a spec_version property to all objects (a property that will record the version of STIX to which the object conforms). I wonder if this property would be best renamed to  stix_version instead of spec_version .  I feel like stix_version might make it more clear what we are referring to, especially for non-native english speakers. In STIX 2.0 we had spec_version on the Bundle, however, that has been removed from the Bundle in STIX 2.1. I originally brought this up on slack, but wanted to make sure the broader TC could voice their opinion, especially those that do not natively speak english. Bret  


  • 8.  Re: [cti-stix] Spec Version

    Posted 07-02-2018 11:31
    On 29.06.2018 23:30:31, Drew Varner wrote: > I think it needs to stay `spec_version`. The spec modifier is useful > clarification, even for native English speakers, that we’re > referring the specification version versus a version of the STIX > object. > Agree 100%, Drew. -- Cheers, Trey ++--------------------------------------------------------------------------++ Director of Standards Development, New Context gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338 ++--------------------------------------------------------------------------++ -- "Repetition does not transform a lie into a truth." --Franklin Delano Roosevelt Attachment: signature.asc Description: PGP signature


  • 9.  Re: [cti-stix] Spec Version

    Posted 07-02-2018 14:21
    Agree Sean Barnum Principal Architect FireEye M: 703.473.8262 E: sean.barnum@fireeye.com ?On 7/2/18, 7:30 AM, "Trey Darley" <cti-stix@lists.oasis-open.org on behalf of trey@newcontext.com> wrote: On 29.06.2018 23:30:31, Drew Varner wrote: > I think it needs to stay `spec_version`. The spec modifier is useful > clarification, even for native English speakers, that we’re > referring the specification version versus a version of the STIX > object. > Agree 100%, Drew. -- Cheers, Trey ++--------------------------------------------------------------------------++ Director of Standards Development, New Context gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338 ++--------------------------------------------------------------------------++ -- "Repetition does not transform a lie into a truth." --Franklin Delano Roosevelt This email and any attachments thereto may contain private, confidential, and/or privileged material for the sole use of the intended recipient. Any review, copying, or distribution of this email (or any attachments thereto) by others is strictly prohibited. If you are not the intended recipient, please contact the sender immediately and permanently delete the original and any copies of this email and any attachments thereto.