I agree with Jane
Bret
Sent from my Commodore 128D
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
On Nov 18, 2017, at 3:15 AM, JG on CTI-TC <jg@ctin.us> wrote:
Duncan/Carol & All:
My take on this debate is that it would be premature for the Council to
take up an issue like this. I think Duncan keyed off of my statement in
an earlier email about a tie vote from a Straw Man poll we took at the
F2F on the Infrastructure SDO. That poll was non-binding and unofficial
and not necessarily indicative of the view of the entire TC membership.
We would need to do a Ballot to gauge that; and I think it would be
premature for a Ballot on this topic as well. As Sarah Kelley noted in
her briefing on the status of the STIX 2.1 data objects during our full
TC calls yesterday, we have not even had 1 of 3 focused, time-boxed
calls within the TC on the potential for an Infrastructure SDO for 2.1.
We should take those steps next.
It has been my observation that the CTI TC is actually quite effective
at working through a process of reasoned debate to come to some
agreement on a path forward. I see this proposed SDO as no different
from any of the others that we've already worked through. There does
seem to be some conflation of the idea of an Infrastructure SDO with a
re-examination of the structure of the Observed Data SDO/STIX Cyber
Observables (SCOs) relative to the other SDOs. But, I believe, the
debate that has commenced on this topic is quite healthy. It is helping
people to separate their thinking about STIX 2.x as an interchange
graph-based model from the idea of a database that would be used as part
of a product implementation. Once we all align our thinking on this
matter, I think the separation of these two topics (i.e., 1. adding an
Infrastructure SDO to 2.1 and 2. elevating SCOs to top-level citizens)
will be made. Then, the path forward to an Infrastructure SDO for 2.1
will be easier to see as a Crawl, Walk, Run approach.
I think we need to separate these issues. An Infrastructure SDO solves
an immediate implementation problem. The structure of SCOs within the
STIX 2.x graph model is a systemic issue that should be debated solely
on its own merits.
My 2 cents.
Jane Ginn
On 11/17/2017 9:22 AM, Trey Darley wrote:
On 16.11.2017 08:25:41, Carol Geyer wrote:
Perhaps the way for the Council to approach it would be to say
something like "we need whatever solution y'all come up with to meet
the following objectives (or solve the following problems or...)"
rather than getting into something that sounds like "well, we vote
for that technical solution." In other words, have the Council
address the parameters of the problem rather than get into the
debates about how to solve it.
All -
There's broad consensus within the CTI TC that we *need* an
Infrastructure SDO in STIX. There's just a lot of work ahead of us to
define the object's properties and relationships. Unless the Council
are able to do that work for us, it's unclear to me how their input
will help accelerate our velocity.
--
Jane Ginn, MSIA, MRP
CTI TC Secretary, OASIS
Co-Founder of Cyber Threat Intelligence Network, Inc.
jg@ctin.us