< Home | Return to Ballot listing

Ballot Details    TC Member Ballot View
CTI-TC Open Repositories

Do you approve requesting OASIS to create an Open Repository for a CybOX Schema and the Tools described below?

***********CybOX Schemas***********************************


Purpose Statement: The CybOX schemas repository will contain non-normative JSON schemas and examples for CybOX 3. The examples will include short examples of particular objects and more complete use-case examples. The repository will contain JSON schemas and JSON CybOX documents.

Initial Maintainers: Ivan Kirillov & Trey Darley

Open Source License: BSD-3-Clause License

GitHub Name: cti-cybox3-json-schemas

Short Description: OASIS Open Repository: Non-normative schemas and examples for CybOX 3

*******************TOOLS & UTILITIES******************************

*********** STIX/CybOX Pattern Validator Repository **************

Purpose Statement: The pattern-validator is a software tool for checking the syntax of the Cyber Threat Intelligence (CTI) STIX/CybOX Patterning expressions, which are used within STIX to express conditions (represented with the CybOX data model) that indicate particular cyber threat activity. The repository contains source code, an ANTLR grammar, automated tests and associated documentation for the tool. The pattern-validator can be used as a command-line tool or as a Python library which can be included in other applications.

Initial Maintainers: Greg Back & Ivan Kirillov

Open Source License: BSD-3-Clause License

GitHub Name: cti-pattern-validator

Short Description: OASIS Open Repository: Validate patterns used to express CybOX content in STIX Indicators


*********** STIX Marking-Prototype Repository ********************

Purpose Statement: The marking-prototype is a prototype implementation of granular data markings in STIX. It provides a potential API that can be used to create and process the markings, in order to examine the utility, usability, and completeness of how the granular data markings are specified. After the markings are added to the STIX specification, the code in this library may be used as reference, or incorporated directly into other libraries, but is not intended to be released as a standalone tool or library.

Initial Maintainers: Greg Back & Ivan Kirillov

Open Source License: BSD-3-Clause License

GitHub Name: cti-marking-prototype

Short Description: OASIS Open Repository: Prototype for processing granular data markings in STIX


*********** STIX Visualization Repository ************************

Purpose Statement: The STIX visualization is meant to provide producers and consumers of STIX content with a rapid way to visualize the objects in a STIX JSON file, and the relationships between those objects. The visualization is implemented in HTML, CSS, and JavaScript (using the D3.js library), and is suitable for standalone use--either on a hosted server or as a local file--or embedded into other applications. Regardless of how deployed, the JavaScript code in this repository does not transmit STIX data to any server; it is strictly processed within the browser in which the code is running, so it is suitable for data which the user does not wish to share.

Initial Maintainers: Greg Back & Ivan Kirillov

Open Source License: BSD-3-Clause License

GitHub Name: cti-stix-visualization

Short Description: OASIS Open Repository: Lightweight visualization for STIX 2.0 objects and relationships


*********** STIX Validator Repository ******************************

Purpose Statement: The STIX validator checks that STIX JSON content conforms to the requirements specified in the STIX 2.0 specification. In addition to checking conformance with the JSON schemas, the validator checks conformance with requirements that cannot be specified in JSON schema, as well as with established "best practices". This validator is non-normative; in cases of conflict with the STIX 2.0 specification, the specification takes precedence.

Initial Maintainers: Greg Back & Ivan Kirillov

Open Source License: BSD-3-Clause License

GitHub Name: cti-stix-validator

Short Description: OASIS Open Repository: Validator for STIX 2.0 JSON normative requirements and best practices


****** Documentation Repository [ STIX | CybOX | TAXII]**********

Purpose Statement: This repository is a GitHub Pages site storing non-normative information about the work of the CTI Technical Committee.

Initial Maintainer: Greg Back

Open Source License: BSD-3-Clause License

GitHub Name: cti-documentation

Short Description: OASIS Open Repository: GitHub Pages site for STIX, CybOX, and TAXII

 [ ]  Yes
 [ ]  No
 [ ]  Abstain
Opening:   Friday, 2 September 2016 @ 01:00 pm EDT
Closing:   Saturday, 10 September 2016 @ 11:59 pm EDT
Group:   OASIS Cyber Threat Intelligence (CTI) TC
Ballot has closed.

Referenced Items
Name Type Date Action
Document
2016-09-10

Voting Details

Voting Summary

Options with highest number of votes are bold

Option # Votes % of Total
Eligible members who have voted: 30 of 59 51%
Eligible members who have abstained: 0 of 59 0%
Eligible members who have not voted: 29 of 59 49%

Voting Details

Voter Company VoteReference Document and/or Comment
Dean Thompson
Australia and New Zealand Banking Group (A...
--
 
Alexander Foley
Bank of America
--
 
Bret Jordan
Blue Coat Systems, Inc.
Yes
 
Sarah Kelley
Center for Internet Security (CIS)
Yes
 
Joey Peloquin
Citrix Systems
Yes
 
Jane Ginn
Cyber Threat Intelligence Network, Inc. (C...
Yes
Richard Struse
DHS Office of Cybersecurity and Communicat...
--
 
Will Urbanski
Dell
Yes
 
David Eilken
Financial Services Information Sharing and...
--
 
Shyamal Pandya
FireEye, Inc.
--
 
Paul Patrick
FireEye, Inc.
Yes
 
Ryusuke Masuoka
Fujitsu Limited
Yes
 
Tomas Sander
Hewlett Packard Enterprise (HPE)
Yes
 
Kazuo Noguchi
Hitachi, Ltd.
--
 
Masato Terada
Hitachi, Ltd.
Yes
 
Jason Keirstead
IBM
--
 
Ron Williams
IBM
Yes
 
Elysa Jones
Individual
--
 
Terry MacDonald
Individual
Yes
 
Patrick Maroney
Individual
Yes
Tim Casey
Intel Corporation
Yes
 
Beth Pumo
Kaiser Permanente
Yes
 
Trey Darley
Kingfisher Operations, sprl
Yes
 
Chris Wood
LookingGlass
--
 
Allan Thomson
LookingGlass
Yes
 
Lee Vorthman
LookingGlass
Yes
 
Ian Truslove
LookingGlass
Yes
 
Sean Barnum
Mitre Corporation
--
 
Jonathan Baker
Mitre Corporation
Yes
 
John Wunder
Mitre Corporation
Yes
 
Ivan Kirillov
Mitre Corporation
Yes
 
Richard Piazza
Mitre Corporation
Yes
 
Greg Back
Mitre Corporation
Yes
 
Takahiro Kakumaru
NEC Corporation
--
 
Daniel Riedel
New Context Services, Inc.
--
 
Andrew Storms
New Context Services, Inc.
--
 
Christian Hunt
New Context Services, Inc.
--
 
James Moler
New Context Services, Inc.
--
 
John-Mark Gurney
New Context Services, Inc.
Yes
 
Mark Clancy
Soltra
--
 
Aharon Chernin
Soltra
--
 
Ali Khan
Soltra
--
 
Michael Pepin
Soltra
--
 
Chris Kiehl
Soltra
--
 
Natalie Suarez
Soltra
--
 
Raymond Keckler
Soltra
--
 
Michael Butt
Soltra
Yes
 
John Anderson
Soltra
Yes
 
Mark Davidson
Soltra
Yes
 
Greg Reaume
TELUS
--
 
James Bohling
US Department of Defense (DoD)
--
 
Jeffrey Mates
US Department of Defense (DoD)
--
 
Gary Katz
US Department of Defense (DoD)
Yes
 
Mike McLellan
United Kingdom Cabinet Office
--
 
Chris Taylor
United Kingdom Cabinet Office
--
 
Laurie Thomson
United Kingdom Cabinet Office
--
 
Iain Brown
United Kingdom Cabinet Office
--
 
Robert Coderre
VeriSign
Yes
 
Kyle Maxwell
VeriSign
Yes