A kind reminder for the pro JSON or others that without proper answers to
the requirements we should not be able to go further
(Maybe a PRD document would help)
On Saturday, 24 October 2015, JG on CTI-TC <
jg@ctin.us> wrote:
> Jerome & All:
>
> Attached is the MTI Evaluation Criteria Matrix I was referring to in the
> previous post. Corrections, adjustments, revisions welcome.
>
> Jane Ginn
> CTIN
>
> On 10/19/2015 8:33 AM, Jerome Athias wrote:
> > Thank you very much Jane for this effort and sharing information.
> >
> >
> > 2015-10-19 1:29 GMT+03:00 Jane Ginn -
jg@ctin.us <javascript:;> <
>
jg@ctin.us <javascript:;>>:
> >> Hi STIX Subcommittee Members:
> >>
> >> I've been reading with great interest the ongoing debate about
> establishing
> >> a Mandatory To Implement (MTI) binding for moving us forward on STIX
> 2.0.
> >>
> >> Before Sean suggested that we table it for a while he had made the point
> >> that we need to take 4 keys steps to move discussions forward in a
> >> systematic way. I'll paraphrase here.
> >>
> >> We need to establish:
> >>
> >> 1) Requirements and evaluation criteria for selecting an MTI binding;
> >>
> >> 2) Binding options (capabilities & limitations);
> >>
> >> 3) A review process to determine how each option would/could meet our
> >> evaluation criteria; and
> >>
> >> 4) A way to guage the priorities and preferences of our members.
> >>
> >> To advance this agenda I have begun to put together a matrix (see
> attached)
> >> to capture the following:
> >>
> >> HORIZONTAL AXIS: Evaluation criteria gleaned from the substantive
> >> discussions. [Item 1, above]
> >>
> >> VERTICAL AXIS: Technology stack as characterized by Sean, Cory, Shawn
> and
> >> others. [Refinement to Item 1, above]
> >>
> >> MATRIX CELLS: Candidate technologies that I have heard mentioned by
> members
> >> of the TC and other interested parties. [Item 2, above]
> >>
> >> Note that this is just a first cut. I'm offering it here as a potential
> >> framework (straw man) for advancing these discussions in a manner that
> will
> >> help us reach a concensus sooner, rather than later. I challenge those
> of
> >> you with an interest in this matter to edit this matrix liberally to
> help
> >> make it really reflect group think. Perhaps it should be added to the
> wiki
> >> for that; which might address Item 3, above.
> >>
> >> Note that I also acknowledge that any MTI selected for STIX must also
> >> accommodate the needs of CybOX. A similar sort of matrix could be
> >> constructed for that MTI selection process, if needed.
> >>
> >> To address Item 4 I'd like to suggest a Survey Monkey survey that
> captures
> >> some of the ideas that get flushed out in the matrix and gives us a
> >> quantitative guage of member preferences.
> >>
> >> All for now,
> >>
> >> Jane Ginn, MSIA, MRP
> >> Cyber Threat Intelligence Network, Inc.
> >>
jg@ctin.us <javascript:;>
> >>
> >>
>
>
>
>