< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
Approve Custom Properties (STIX 2.0-1, Section 5.1) text as working draft

Do you accept the Custom Properties text, contained in STIX 2.0-1, Section 5.1 and duplicated below in the description, and support marking it as “working draft”?

Working draft status indicates that the TC generally agrees with the approach and the text as written. Editorial changes to the text may be made after text has been moved to draft status, but any substantive changes after the ballot has passed require another ballot to accept those substantive changes.

Link to text: https://docs.google.com/document/d/1HJqhvzO35h62gQGPvghVRIAtQrZn3_J__0UcDAj-NXY/edit#heading=h.8072zpptza86

Full Text:

5.1. Custom Properties
The authors of this specification recognize that there will be cases where certain information exchanges can be improved by adding fields that are not specified nor reserved in this document; these fields are called Custom Properties. This section provides guidance and requirements for how producers can use Custom Properties and how consumers should interpret them in order to extend STIX in an interoperable manner.

5.1.1. Requirements
• A STIX TLO MAY have any number of Custom Properties.
• Custom Properties SHOULD start with “x_” followed by a source unique identifier (like a domain name), an underscore and then the name. For example: x_examplecom_customfield.
• Custom Property keys SHOULD have a maximum length of 30 characters.
• Custom Property keys MUST have a minimum length of 3 characters (including the prefix).
• Custom Property keys MUST have a maximum length of 256 characters.
• Custom Properties that are not prefixed with “x_” may be used in a future version of the specification for a different meaning. If compatibility with future versions of this specification is required, the “x_” prefix MUST be used.
• Custom Properties SHOULD be uniquely named when produced by the same source and SHOULD use a consistent namespace prefix (e.g., a domain name).
• Custom Properties SHOULD only be used when there is no existing field defined by the STIX specification that fulfills that need.

A consumer that receives a STIX document with one or more Custom Properties that it does not understand MAY refuse to process the document further or silently ignore non-understood properties and continue processing the document.

The reporting and logging of errors originating from the processing of Custom Properties depends heavily on the technology used to transport the STIX document and is therefore not covered in this specification.

Non-Normative: Producers of STIX documents that contain Custom Properties should be well aware of the variability of consumer behavior depending on whether or not the consumer understands the Custom Properties present in a STIX TLO. Rules for processing Custom Properties should be well defined and accessible to any consumer that would be reasonably expected to parse them.

5.1.2. Examples
{
...,
"x_acmeinc_scoring": {
"impact": "high",
"probability": "low"
},
...
}

 [ ]  Yes
 [ ]  No
 [ ]  Abstain
Opening:   Friday, 13 May 2016 @ 01:00 pm EDT
Closing:   Friday, 20 May 2016 @ 01:00 pm EDT
Group:   OASIS Cyber Threat Intelligence (CTI) TC
Ballot has closed.

Referenced Items
Name Type Date Action
Document
2016-05-20

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Yes 25 83%
No 5 17%
Abstain 1
Eligible members who have voted: 30 of 54 56%
Eligible members who have abstained: 1 of 54 2%
Eligible members who have not voted: 23 of 54 43%

Voting Details

Voter Company VoteReference Document and/or Comment
Dean Thompson
Australia and New Zealand Banking Group (A...
Yes
Alexander Foley
Bank of America
No
Bret Jordan
Blue Coat Systems, Inc.
Yes
 
Sarah Kelley
Center for Internet Security (CIS)
Yes
 
Ron Davidson
Check Point Software Technologies
--
 
Jyoti Verma
Cisco Systems
--
 
Joey Peloquin
Citrix Systems
Yes
 
Doug DePeppe
Cyber Threat Intelligence Network, Inc. (C...
--
 
Jane Ginn
Cyber Threat Intelligence Network, Inc. (C...
Yes
 
Marlon Taylor
DHS Office of Cybersecurity and Communicat...
--
 
Richard Struse
DHS Office of Cybersecurity and Communicat...
Yes
 
David Eilken
Financial Services Information Sharing and...
--
 
Paul Patrick
FireEye, Inc.
--
 
Ryusuke Masuoka
Fujitsu Limited
Yes
 
Masato Terada
Hitachi, Ltd.
Yes
 
Ron Williams
IBM
--
 
Jason Keirstead
IBM
Yes
Elysa Jones
Individual
--
 
Terry MacDonald
Individual
Yes
Patrick Maroney
Integrated Networking Technologies, Inc.
Yes
Beth Pumo
Kaiser Permanente
--
 
Allan Thomson
LookingGlass
Yes
 
Sean Barnum
Mitre Corporation
--
 
Ivan Kirillov
Mitre Corporation
--
 
Jonathan Baker
Mitre Corporation
Yes
 
John Wunder
Mitre Corporation
Yes
 
Richard Piazza
Mitre Corporation
Yes
 
Takahiro Kakumaru
NEC Corporation
Yes
 
Andrew Storms
New Context Services, Inc.
--
 
Daniel Riedel
New Context Services, Inc.
Yes
 
James Moler
New Context Services, Inc.
Yes
 
John-Mark Gurney
New Context Services, Inc.
Yes
Igor Baikalov
Securonix
--
 
Ali Khan
Soltra
--
 
Jeff Beekman
Soltra
--
 
Chris Kiehl
Soltra
--
 
Daniel Dye
Soltra
--
 
Raymond Keckler
Soltra
--
 
Mark Davidson
Soltra
--
 
Michael Pepin
Soltra
No
 
Mark Clancy
Soltra
No
Trey Darley
Soltra
Yes
 
Michael Butt
Soltra
Yes
 
Natalie Suarez
Soltra
Yes
 
Aharon Chernin
Soltra
Yes
Ben Schmoker
ThreatConnect, Inc.
No
Brad Butts
U.S. Bank
--
 
Jeffrey Mates
US Department of Defense (DoD)
Abstain
 
Gary Katz
US Department of Defense (DoD)
Yes
 
Chris Taylor
United Kingdom Cabinet Office
--
 
Laurie Thomson
United Kingdom Cabinet Office
--
 
Iain Brown
United Kingdom Cabinet Office
Yes
 
Robert Coderre
VeriSign
--
 
Kyle Maxwell
VeriSign
No