OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Re: [cti] Consensus Achieved on 2 topics

    Posted 02-15-2016 15:34
      |   view attached




    (1) I want to first state that I fully support the "Push for Progress".  


    (2) An aggressive schedule (1-2 Business Days) for review and comments on draft normative text might work well for those who can dedicate full-time attention to this process (including time to dig out and review potentially 100s-1,000s of related Slack
    Channel comments).  


    (3) However, propose to the community that this is too aggressive in my view to give active contributors with full time responsibilities outside of the CTI TC to review, engage, and comment.  


    (4) Can we agree on some reasonable period to review, engage, and comment?
      (4.1) One week?
      (4.2) Two weeks?
      (4.3) ???







    Patrick Maroney
    Office:  (856)983-0001
    Cell:      (609)841-5104






    President
    Integrated Networking Technologies, Inc.
    PO Box 569
    Marlton, NJ 08053







    From: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Richard Piazza < rpiazza@mitre.org >
    Date: Monday, February 15, 2016 at 10:09 AM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] Consensus Achieved on 2 topics








    The issues “Flatten package lists” and “CTI Core Properties” have draft normative text that has been available to review since Friday.
     
    Assuming there are no comments or questions about them today – I will mark them as “Consensus Achieved” on the wiki pages, and close the Github issue at COB today.
     
    The issue “Refactor Report Objects” has produced some discussion on the CTI list, so it will remain open for now.
     
                    Rich
     
     
    Rich Piazza
    The MITRE Corporation
    781-271-3760
     
     









  • 2.  RE: [cti] Consensus Achieved on 2 topics

    Posted 02-15-2016 15:49
      |   view attached




    On these two items, I don’t think there is much remaining controversy – and the normative write-up are pretty straightforward.  (IMHO)
     
    For others like patterns and versioning, I think you are probably correct.  Of course, there is a trade-off since this will impact the aggressive tranche schedule…
     


    From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org]
    On Behalf Of Patrick Maroney
    Sent: Monday, February 15, 2016 10:34 AM
    To: Piazza, Rich <rpiazza@mitre.org>; cti@lists.oasis-open.org
    Subject: Re: [cti] Consensus Achieved on 2 topics


     


    (1) I want to first state that I fully support the "Push for Progress".  


     


    (2) An aggressive schedule (1-2 Business Days) for review and comments on draft normative text might work well for those who can dedicate full-time attention to this process
    (including time to dig out and review potentially 100s-1,000s of related Slack Channel comments).  


     


    (3) However, propose to the community that this is too aggressive in my view to give active contributors with full time responsibilities outside of the CTI TC to review,
    engage, and comment.  


     


    (4) Can we agree on some reasonable period to review, engage, and comment?


      (4.1) One week?


      (4.2) Two weeks?


      (4.3) ???


     





     


    Patrick Maroney


    Office:  (856)983-0001


    Cell:      (609)841-5104



     





     


    President


    Integrated Networking Technologies, Inc.


    PO Box 569


    Marlton, NJ 08053





     


    From:
    " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Richard Piazza < rpiazza@mitre.org >
    Date: Monday, February 15, 2016 at 10:09 AM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] Consensus Achieved on 2 topics


     



    The issues “Flatten package lists” and “CTI Core Properties” have draft normative text that has been available to review since Friday.
     
    Assuming there are no comments or questions about them today – I will mark them as “Consensus Achieved” on the wiki pages, and close the Github issue at COB today.
     
    The issue “Refactor Report Objects” has produced some discussion on the CTI list, so it will remain open for now.
     
                    Rich
     
     
    Rich Piazza
    The MITRE Corporation
    781-271-3760
     
     








  • 3.  RE: [cti] Consensus Achieved on 2 topics

    Posted 02-16-2016 10:30
      |   view attached




    Hi Rich,
     
    I think it is also important to note that we will likely have to revise these items as we progress through the design of STIX v2.0. There is just so much interrelationship between component
    parts that a change in one area WILL have an effect on another area. I think it is important to call this out now – that areas where there is consensus right now may not be so in the future and so should not be completely set in stone.
     
    Also, I have provided some comments on certain fields within the CTI Common core fields that I would like more information about. I wouldn’t consider all the fields as having reached
    consensus as yet – but that is my opinion.
     
    Cheers
     

    Terry MacDonald
    Senior STIX Subject Matter Expert
    SOLTRA   An FS-ISAC and DTCC Company
    +61 (407) 203 206
    terry@soltra.com
     

     


    From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org]
    On Behalf Of Piazza, Rich
    Sent: Tuesday, 16 February 2016 2:49 AM
    To: Patrick Maroney <Pmaroney@Specere.org>; cti@lists.oasis-open.org
    Subject: RE: [cti] Consensus Achieved on 2 topics


     
    On these two items, I don’t think there is much remaining controversy – and the normative write-up are pretty straightforward.  (IMHO)
     
    For others like patterns and versioning, I think you are probably correct.  Of course, there is a trade-off since this will impact the aggressive tranche schedule…
     


    From:
    cti@lists.oasis-open.org [ mailto:cti@lists.oasis-open.org ]
    On Behalf Of Patrick Maroney
    Sent: Monday, February 15, 2016 10:34 AM
    To: Piazza, Rich < rpiazza@mitre.org >;
    cti@lists.oasis-open.org
    Subject: Re: [cti] Consensus Achieved on 2 topics


     


    (1) I want to first state that I fully support the "Push for Progress".  


     


    (2) An aggressive schedule (1-2 Business Days) for review and comments on draft normative text might work well for those who can dedicate full-time attention
    to this process (including time to dig out and review potentially 100s-1,000s of related Slack Channel comments).  


     


    (3) However, propose to the community that this is too aggressive in my view to give active contributors with full time responsibilities outside of the CTI
    TC to review, engage, and comment.  


     


    (4) Can we agree on some reasonable period to review, engage, and comment?


      (4.1) One week?


      (4.2) Two weeks?


      (4.3) ???


     





     


    Patrick Maroney


    Office:  (856)983-0001


    Cell:      (609)841-5104



     





     


    President


    Integrated Networking Technologies, Inc.


    PO Box 569


    Marlton, NJ 08053





     


    From:
    " cti@lists.oasis-open.org " < cti@lists.oasis-open.org > on behalf of Richard Piazza < rpiazza@mitre.org >
    Date: Monday, February 15, 2016 at 10:09 AM
    To: " cti@lists.oasis-open.org " < cti@lists.oasis-open.org >
    Subject: [cti] Consensus Achieved on 2 topics


     



    The issues “Flatten package lists” and “CTI Core Properties” have draft normative text that has been available to review since Friday.
     
    Assuming there are no comments or questions about them today – I will mark them as “Consensus Achieved” on the wiki pages, and close the Github issue at COB today.
     
    The issue “Refactor Report Objects” has produced some discussion on the CTI list, so it will remain open for now.
     
                    Rich
     
     
    Rich Piazza
    The MITRE Corporation
    781-271-3760
     
     








  • 4.  Re: [cti] Consensus Achieved on 2 topics

    Posted 02-16-2016 10:33
    On 15.02.2016 15:33:35, Patrick Maroney wrote: > > (2) An aggressive schedule (1-2 Business Days) for review and > comments on draft normative text might work well for those who can > dedicate full-time attention to this process (including time to dig > out and review potentially 100s-1,000s of related Slack Channel > comments). > Hey, Rich - Pat's right, allowing just 1-2 business days for review of proposed draft text before declaring consensus is too aggressive. In this case, you said if no comments were submitted by COB yesterday we'd declare consensus but yesterday was a US national holiday, hence many on the list probably didn't even read your mail yet. If we're sticking to the one tranche per week idea, how about if we leave last week's completed tranche open for review while we work on this week's tranche? To me, that's a fair balance between maintaining our desired velocity and allowing folks in the community to have the occasional sick day. -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra An FS-ISAC & DTCC Company www.soltra.com -- "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." --RFC 1925 Attachment: signature.asc Description: PGP signature


  • 5.  RE: [cti] Consensus Achieved on 2 topics

    Posted 02-16-2016 14:27
    Trey, Here at MITRE we don't get President's Day off, but you point is well taken :-) For the record, I haven't done anything yet. I'm waiting for the working meeting today. OTOH - I think those items had an original due date of 2/5... Rich Rich Piazza The MITRE Corporation 781-271-3760


  • 6.  Re: [cti] Consensus Achieved on 2 topics

    Posted 02-16-2016 14:35
    Everyone, It sounds like there are still open concerns on these issues and it makes sense to leave them still open to discussion for this week. The concern is simply the number of open issues and different discussion threads occurring at once and whether we can all effectively deal with the needed context-shifting in order to make good progress. Hopefully, these topics that have been discussed at length and whose proposed normative text that was put out for review last week will only involve a relatively minor amount of time. Does anyone have any significant concerns with this approach? sean On 2/16/16, 9:27 AM, "cti@lists.oasis-open.org on behalf of Piazza, Rich" <cti@lists.oasis-open.org on behalf of rpiazza@mitre.org> wrote: >Trey, > >Here at MITRE we don't get President's Day off, but you point is well taken :-) > >For the record, I haven't done anything yet. I'm waiting for the working meeting today. > >OTOH - I think those items had an original due date of 2/5... > > Rich > >Rich Piazza >The MITRE Corporation >781-271-3760 > >