OASIS Open: Committees

Vote Details

Ballot: CTI Common Proposal

Company:

Soltra

Vote:

No

Comment:

I will be voting no on the resolution as phrased. My position on CTI Common is that we currently don�t have enough information to know whether it should be a standards-track work product. I am 100% on board with keeping the document and continuing work on it (i.e., what we have been doing) as a way to help answer these questions. My no vote does not constitute a vote to destroy the document/concept. I will list my open questions below, and I will change my vote if they can be answered sufficiently.

My open questions are:

1. What will the CTI Common conformance clauses look like? OASIS specifications are required to have a conformance section, and each specification we produce must be meaningful enough to stand on it�s own.

2. What types of software will claim conformance to CTI Common on it�s own?

3. Is there a solution to the STIX->CTI Common->CybOX cyclic dependency that I have raised?
1. Any change to STIX that impacts CTI Common will essentially force a revision to CybOX.

4. How will the overall �STIX� conformance clause be phrased? Implementers want to say they are �STIX 2.0 conformant�. Will it be �STIX 2.0 means CTI Common 1.0, STIX 2.0, CybOX 3.0�?

5. Why do downstream users of our work require this separation?
1. We have heard the �what" (that a separate document is desired) from some, but I haven�t seen �why� clearly articulated. Since downstream users are being used as a reason for this separation, the group deserves the �why� to be clearly articulated.

6. Why do Observations (nee Observables) need a different treatment from other STIX Top Level Objects (relationships, indicators, etc). I realize there is historic precedence for CybOX being separate, but this group has the power to re-evaluate whether that historic separation still makes sense.

I will reiterate that these open questions are reasons to keep working on CTI Common � to help answer them. However, for me and at this time, they are the reasons that I cannot definitively say that I think CTI Common should become it�s own work product and they are the reasons I will be voting no. That said, we have a two week discussion period and I am open to changing my vote.

Thank you.
-Mark