OASIS Cyber Threat Intelligence (CTI) TC

Expand all | Collapse all

Re: [EXT] [cti] Request for clarification on the effects of missing sponsorships

  • 1.  Re: [EXT] [cti] Request for clarification on the effects of missing sponsorships

    Posted 01-17-2020 12:40
    Marco   You are correct what is at risk with respect to Course of Action is the STIX 2.1 changes to the object. If, due to lack of sponsorship, we are required to remove the 2.1 additions/changes to Course of Action, the specification will revert to the Course of Action as specified in STIX 2.0.   Does that answer your question?   Rich   From: <cti@lists.oasis-open.org> on behalf of "Caselli, Marco" <marco.caselli@siemens.com> Date: Friday, January 17, 2020 at 7:33 AM To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> Subject: [EXT] [cti] Request for clarification on the effects of missing sponsorships   Dear all,   I am writing this email to ask for some clarifications about the effects of a missing sponsorship for some STIX 2.1 objects. From our last call, I understood that Infrastructure and Course of Action are at risk of being removed from the standard. In this regard, I was wondering about the fact that, while infrastructure is a new object, Course of Action was already introduced in STIX 2.0. If I do not see any technical issue in removing Infrastructure (besides the effort of going through the whole standard and ensuring integrity), would not the removal of Course of Action impact backward compatibility? As an alternative, could the missing sponsorship mean going back to the STIX 2.0 representation of Course of Action ?   Best regards                  Marco Siemens AG Corporate Technology Research in Digitalization and Automation Corporate CERT Services CT RDA ITS CER-DE Otto-Hahn-Ring 6 81739 Muenchen, Germany mailto:marco.caselli@siemens.com www.siemens.com/ingenuityforlife Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322   Attachment: smime.p7s Description: S/MIME cryptographic signature


  • 2.  RE: [EXT] [cti] Request for clarification on the effects of missing sponsorships

    Posted 01-17-2020 12:46
    Hi Richard,   > You are correct what is at risk with respect to Course of Action is the STIX 2.1 changes to the object. If, > due to lack of sponsorship, we are required to remove the 2.1 additions/changes to Course of Action, the > specification will revert to the Course of Action as specified in STIX 2.0.   > Does that answer your question?   Yes, this solves my doubts. Thanks for the quick feedback.   Best regards   Marco Siemens AG Corporate Technology Research in Digitalization and Automation Corporate CERT Services CT RDA ITS CER-DE Otto-Hahn-Ring 6 81739 Muenchen, Germany mailto:marco.caselli@siemens.com www.siemens.com/ingenuityforlife Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322     From: Struse, Richard J. <rjs@mitre.org> Sent: Friday, January 17, 2020 1:40 PM To: Caselli, Marco (CT RDA CST SEL-DE) <marco.caselli@siemens.com>; cti@lists.oasis-open.org Subject: Re: [EXT] [cti] Request for clarification on the effects of missing sponsorships   Marco   You are correct what is at risk with respect to Course of Action is the STIX 2.1 changes to the object. If, due to lack of sponsorship, we are required to remove the 2.1 additions/changes to Course of Action, the specification will revert to the Course of Action as specified in STIX 2.0.   Does that answer your question?   Rich   From: < cti@lists.oasis-open.org > on behalf of "Caselli, Marco" < marco.caselli@siemens.com > Date: Friday, January 17, 2020 at 7:33 AM To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > Subject: [EXT] [cti] Request for clarification on the effects of missing sponsorships   Dear all,   I am writing this email to ask for some clarifications about the effects of a missing sponsorship for some STIX 2.1 objects. From our last call, I understood that Infrastructure and Course of Action are at risk of being removed from the standard. In this regard, I was wondering about the fact that, while infrastructure is a new object, Course of Action was already introduced in STIX 2.0. If I do not see any technical issue in removing Infrastructure (besides the effort of going through the whole standard and ensuring integrity), would not the removal of Course of Action impact backward compatibility? As an alternative, could the missing sponsorship mean going back to the STIX 2.0 representation of Course of Action ?   Best regards                  Marco Siemens AG Corporate Technology Research in Digitalization and Automation Corporate CERT Services CT RDA ITS CER-DE Otto-Hahn-Ring 6 81739 Muenchen, Germany mailto:marco.caselli@siemens.com www.siemens.com/ingenuityforlife Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich, Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich, HRB 6684; WEEE-Reg.-No. DE 23691322   Attachment: smime.p7s Description: S/MIME cryptographic signature