Data Provenance (DPS) TC

  • 1.  FAQs

    Posted 04-11-2025 14:08

    It may be putting the cart a little before the horse, but I'm assuming the D&TA contributions will be made shortly and most are in agreement that their work should be the basis of our work. I'd like to propose that one of our work products (in addition to a spec, use cases, security considerations, and tools) be an FAQ. It might just be a directory in the GitHub but ideally it would be on some sort of 'awareness and adoption' website. Several other TCs have successfully done this (i.e., having awareness and adoption pages, e.g., Getting Started with STIX 2.1).

    I think this would be useful if we are wildly successful and we get our spec out promptly. But I think it would also be useful in getting the spec out promptly, especially getting through the public review gates we need to go through. The TC charter section 2a identifies other work we should consider, and there are probably other items not on this list (e.g., the work going on wrt "AI SBOMs"). A useful way to deal with 'other related work' is to have a set of FAQs on "how does our spec relate to whatever" to show you considered it and it doesn't relate, or you did use it, or our use case is different, or whatever. It preempts the public comments that are basically 'why didn't you do it our way?'. And sometimes creating the FAQ gets you to actually change something because the other group did have something worth using. It's better to do it now than have an altercation later that introduces delay.




    ------------------------------
    Duncan Sparrell
    Chief Cyber Curmudgeon
    sFractal Consulting LLC
    Oakton VA
    703-828-8646
    ------------------------------