CTI STIX SC Kickoff Meeting, July 16, 2015

Upload: dwayne-gilmore

Post on 27-Dec-2015

www.oasis-open.org

Agenda

- Approach and policies for the SC
- Coordination across TC
- Types of work products to be pursued
- Developing a roadmap for SC work
- Specific work products
- Questions to be resolved

Approach and Policies

- Coordinated collaboration
- Everyone contributes opinions
- As much as possible everyone contributes work
- Sean and Aharon coordinate the madness
- Leverage CTI resources as much as possible
- Avoid having EVERYTHING occur on email list
- Record, persist and publish all plans and decisions
- We will work out policies as we go forward

Coordination across TC

- Inform, collaborate, monitor
- Semantic intersections
- Naming conventions
- Meeting schedules
- Release schedules
- Processes (as much as possible)

Types of Work Products

- Language specs
- Implementation specific binding specs
- Best practice and usage documentation
- Supporting utilities
- Test data
- Content catalogs

Roadmap

- Will be developing roadmap over next few weeks
- Roadmap will likely contain list of work products with details for each
  - Name of work product
  - Scope of work product
  - Type of work product (SC vs TC, standard vs non-standard)
  - Editors
  - Intended timing (rough time targets or dependencies)
- Initial thoughts
  - STIX v1.2.1 + Tail work products
  - STIX v2.0 + Tail work products
  - Catalogs (COAs, TTPs, Profiles)

STIX v1.2.1 Specification

- Baseline spec within OASIS
- Minimal scope change possible
- Multipart standard
- Directly map across existing docs to new docs
- Input (v1.2) specs should be complete within a couple weeks
- Timing depends on DHS IP transfer
- We hope to get a significant headstart behind the scenes

STIX v1.2.1 “Tail”

- STIX 1.2.1 XML binding spec + XML Schemas
- Related automation updates
  - Python-stix for 1.2.1
  - java-stix for 1.2.1
- STIX 1.2.1 XML test data set
- other documentation
- other utilities

STIX v2.0 Specification

- Tackle some of the bigger refactoring issues
- Same multipart approach as v1.2.1 expected
- Actual spec work will need to wait until v1.2.1 release
- We can start discussing issues today
- Primarily using GitHub issue trackers
- Will likely involve some initial steps in semantic modeling

STIX v2.0 “Tail”

- STIX 2.0 XML binding spec + XML Schemas
- STIX JSON binding spec
- STIX SQL binding spec ??
- Related automation updates
  - Python-stix for 2.0
  - java-stix for 2.0
- STIX 2.0 XML test data set
- other documentation
- other utilities

Open Questions

- What documentation needs to be maintained for each spec version?
- What new documentation should be created?
- What utilities need to be maintained for each spec version?
- What new utilities should be created?
- How will we handle editors and process for each work product?
- What will be our guidelines for determining what sort of document each work product will be (TC vs SC, standards vs non-standards, etc.)?
- What will be our meeting schedule?
- How formally will we track meeting participation?