OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Notes from Today's Working Call - 3/13/2018

    Posted 03-13-2018 20:13




    All,
     
    On the working call, we refined last week’s discussion into two recommended proposals for moving forward with STIX/TAXII 2.1. These proposals may well make their way into a ballot as mentioned earlier on this
    list. If you did not make the call and would like a proposal added to the list, please let me or any co-chair know.
     
    Those proposals are:
     
    Proposal #1 – F2F Consensus + slight modifications (bolded)
    For STIX 2.1 and TAXII 2.1

    We will release a series of TC approved CSDs, where each CSD has a 2 week ballot period.
      Each CSD may have some fixes that require breaking changes to previous CSDs as required
      A feature has 185 days (6 months) post CSD ballot approval to show that it meets the definition of done; if it does not meet the definition of done it will be scoped out of the next CSD.
    Before we do a CS we will ensure that all changes and new features meet the definition of "done".
      At least 2 organizations will have running POC code with real data that can interoperate
      We will have fully defined specification text
      The feature is covered by one or more interop tests, either new or existing
    A CS will be submitted for TC approval no later than 185 days (6 months) 187 (or longer if agreed to by the TC) after the last CSD that the TC approved. However, if something has to be removed we will reissue a CSD with only components that were approved and shown to be done in a previous CSD.

    STIX 2.1 CSD 01 shall include:

    2.0 Breaking Changes Confidence i18n Location Malware Intel Note Opinion
    CSD-02


    IEP Grouping COA Assertion Pattern Extension
    CSD-03

    Infrastructure
    Informationally note the risk that organizations take when implementing draft specifications
     
    Proposal #2:

    Declare STIX 2.1 to be "done", and start the process for it to be released as the 2.1 CS. Each currently "text-complete" feature will be voted on, and only ones approved by the TC will be included.  Development of dropped features and others will continue with STIX
    2.2 using the new approved process as discussed in the January F2F.
     
     

    Mark Davidson Engineering
    Mark.Davidson@nc4.com

    NC4 Soltra  
    1225 S. Clark Street, Suite 1103  
    Arlington, VA 22202  
    www.soltra.com






  • 2.  Re: [EXT] [cti] Notes from Today's Working Call - 3/13/2018

    Posted 03-13-2018 23:19
    In addition to Proposal #1, to address the concerns I have voiced on Slack and email, I would propose that we add the following text to all CSDs in their respective introductions. This text will be removed before the final CSD that we issue before the CS. (Please edit the text as needed).

    #BEGIN

    Draft Version Indicator

    TC EDITORS: PLEASE REMOVE THIS SECTION BEFORE CS BALLOT

    While the eventual version indicator for this version of the specification will be "2.1", implementations of draft versions (CSDs) of this specification SHOULD instead advertise "2.1-draft01" in all places where the specification version is referenced (for example, spec_version property, API-roots, media types, etc). This allows pre-final implementations to safely negotiate with each other, even if they would otherwise be incompatible.

    When this specification is marked as final by the Technical Committee, having advanced to either a CS (committee specification) or an OASIS Standard, implementations MUST only advertise "2.1" to represent this specification. Any content that was used prior to this specification becoming final, and has a designation of "-draftXX" MAY be converted to the final version or deleted.

    #END

    Bret
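
The draft version indicator proposed in the message above, sketched as an added example that is not part of the original thread or of any STIX/TAXII implementation. It assumes the indicator travels in the `version` parameter of the TAXII 2.0-style media type, and the function names and sample header are constructed for illustration.

```python
import re

FINAL = "2.1"
# Assumed shape of a draft designation, after the "2.1-draft01" in the proposal.
DRAFT_RE = re.compile(r"^2\.1-draft(\d{2})$")

# Constructed sample Accept header from a pre-final client.
SAMPLE_ACCEPT = ("application/vnd.oasis.stix+json; version=2.1-draft01, "
                 "application/vnd.oasis.stix+json; version=2.0")


def advertised_version(media_type):
    """Return the version parameter of one media type, or None if absent."""
    for param in media_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "version":
            return value.strip().strip('"')
    return None


def is_draft(version):
    """True for a "-draftXX" designation, False for final or unknown versions."""
    return DRAFT_RE.match(version or "") is not None


def negotiate(local_versions, accept_header):
    """Pick a version both sides advertise, by exact string match only.

    A draft designation never matches the final "2.1" or a different
    draft number, so incompatible pre-final builds fail closed.
    """
    offered = [advertised_version(m) for m in accept_header.split(",")]
    common = [v for v in offered if v in local_versions]
    if not common:
        return None
    if FINAL in common:
        return FINAL  # prefer the final specification when both support it
    drafts = [v for v in common if is_draft(v)]
    # Two-digit draft numbers sort correctly as strings.
    return max(drafts) if drafts else common[0]


if __name__ == "__main__":
    print(negotiate({"2.0", "2.1-draft01"}, SAMPLE_ACCEPT))
    print(negotiate({"2.1"}, SAMPLE_ACCEPT.split(",")[0]))
```
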