OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Question about final publication as single document

    Posted 04-10-2019 16:56
    All, As you know when we started working in Google Docs for the 2.0 specification, we quickly came across a page limit with Google Docs.  As such we had to break the STIX Document up in to multiple parts to stay under that page limit and keep Google Docs from crashing.   Where some of the content ended up was based purely on balancing the size of the documents, versus where it made the most sense.  Fast-forward to 2.1; CybOX is now part of STIX and a ton of water is now under the bridge. The editors have been talking about how best to address some of the problems people have with finding certain things as they do not know which document / part the content is in and thus they can not use Command-F/Ctrl-F to find it. Would anyone object to the final work product being released as a single document?   NOTE: we would still use multiple Google Docs /  parts (and maybe even more parts) to do document edits and TC review.   What would change is, when we cut a CSD or CS the editors would merge that all down into a single Word document. Also the individual parts would no longer have "Front Matter" and "Appendixes" as they would not be needed. The document structure would probably look something like the following (though please feel free to bike shed the order). STIX 2.1 Front Matter + IPR + Table of Contents Introduction Data Types Core Concepts STIX Helper Objects STIX Domain Objects STIX Relationship Objects STIX Cyber Observable Objects STIX Patterning Vocabularies Customizing STIX Conformance Appendixes Please let the editors know if you have strong feelings one way or the other.  Bret


  • 2.  Re: [EXT] [cti] Question about final publication as single document

    Posted 04-11-2019 18:23
    So far everything we have heard has been positive and supportive of releasing a single document as the final work product.  If you have any objections to this, please do by end-of-day tomorrow (Friday).   Thanks Bret   From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com> Sent: Wednesday, April 10, 2019 10:55:21 AM To: cti@lists.oasis-open.org Subject: [EXT] [cti] Question about final publication as single document   All, As you know when we started working in Google Docs for the 2.0 specification, we quickly came across a page limit with Google Docs.  As such we had to break the STIX Document up in to multiple parts to stay under that page limit and keep Google Docs from crashing.   Where some of the content ended up was based purely on balancing the size of the documents, versus where it made the most sense.  Fast-forward to 2.1; CybOX is now part of STIX and a ton of water is now under the bridge. The editors have been talking about how best to address some of the problems people have with finding certain things as they do not know which document / part the content is in and thus they can not use Command-F/Ctrl-F to find it. Would anyone object to the final work product being released as a single document?   NOTE: we would still use multiple Google Docs /  parts (and maybe even more parts) to do document edits and TC review.   What would change is, when we cut a CSD or CS the editors would merge that all down into a single Word document. Also the individual parts would no longer have "Front Matter" and "Appendixes" as they would not be needed. The document structure would probably look something like the following (though please feel free to bike shed the order). STIX 2.1 Front Matter + IPR + Table of Contents Introduction Data Types Core Concepts STIX Helper Objects STIX Domain Objects STIX Relationship Objects STIX Cyber Observable Objects STIX Patterning Vocabularies Customizing STIX Conformance Appendixes Please let the editors know if you have strong feelings one way or the other.  Bret