All,
On the working call, we refined last week’s discussion into two recommended proposals for moving forward with STIX/TAXII 2.1. These proposals may well make their way into a ballot as mentioned earlier on this
list. If you did not make the call and would like a proposal added to the list, please let myself or any co-chair know.
Those proposals are:
Proposal #1 – F2F Consensus + slight modifications (bolded)
For STIX 2.1 and TAXII 2.1
We will release a series of TC approved CSDs, where each CSD has a 2 week ballot period. Each CSD may have some fixes that require breaking changes to previous CSDs as required
A feature has 185 days (6 months) post CSD ballot approval to show that it meets the definition of done; If it does not meet the definition of done it will be scoped out of
the next CSD. Before we do a CS we will ensure that all changes and new features meet the definition of "done".
At least 2 organizations will have running POC code with real data that can interoperate
We will have fully defined specification text The feature is covered by one or more interop tests, either new or existing A CS will be submitted for TC approval no later than 185 days (6 months) 187
(or longer if agreed to by the TC) after the last CSD that the TC approved. However, if something has to be removed we will reissue a CSD with only components that were approved and shown to be done in a previous CSD. STIX 2.1 CSD 01 shall include:
2.0 Breaking Changes Confidence i18n Location Malware Intel Note Opinion
CSD-02
IEP Grouping COA Assertion Pattern Extension
CSD-03
Infrastructure
Informationally note the risk that organizations take when implementing draft specifications
Proposal #2:
Declare STIX 2.1 to be "done", and start the process for it to be released as the 2.1 CS. Each currently "text-complete" feature will be voted on, and only ones approved by the TC will be included. Development of dropped features and others will continue with STIX
2.2 using the new approved process as discussed in the January F2F.
Mark Davidson Engineering
Mark.Davidson@nc4.com NC4 Soltra
1225 S. Clark Street, Suite 1103
Arlington, VA 22202
www.soltra.com Disclaimer: This message is intended only for the use of the individual or entity to which it is addressed and may contain information which is privileged, confidential, proprietary, or exempt from disclosure under applicable law. If you are not the intended
recipient or the person responsible for delivering the message to the intended recipient, you are strictly prohibited from disclosing, distributing, copying, or in any way using this message. If you have received this communication in error, please notify
the sender and destroy and delete any copies you may have received.