OASIS Open

Which path should the TC take to release STIX 2.1?

While the slate of features targeted for the STIX 2.1 release has remained relatively static, there is a substantial amount of work ahead of us. A number of deficiencies with the 2.0 specifications were identified at the Salt Lake City interop plugfest (primarily TAXII-related) and there was general consensus that new work should be required to meet a higher level of verification prior to being included in future releases of STIX and TAXII so as to minimize backward-breaking changes. After lengthy discussion within the TC, three distinct options have emerged for our way forward to the 2.1 STIX Committee Specification (CS). These break down along two axes: feature scope and verification intensity. The options are as follows:

Option #1: Full scope STIX 2.1 release, with additional validation

Option #2: Limited scope STIX 2.1 release, with no immediate additional validation - additional validation starting from STIX 2.2

Option #3: Limited scope STIX 2.1 release, including additional validation - as described in Option 1

Each of the options has a document that provides more detail about that option. Here are the links:

Option #1: https://www.oasis-open.org/apps/org/workgroup/cti/download.php/62810/Proposal%20%231.pdf

Option #2: https://www.oasis-open.org/apps/org/workgroup/cti/download.php/62811/Proposal%20%232.pdf

Option #3: https://www.oasis-open.org/apps/org/workgroup/cti/download.php/62812/Proposal%20%233.pdf