Invitation to comment on #STIX™ v2.0 - ends June 1st

We are pleased to announce that STIX™ Version 2.0 from the OASIS Cyber Threat Intelligence (CTI) TC is now available for public review and comment. This release has been updated based on feedback from the first public review. The comments received in that review and their resolution can be found at http://docs.oasis-open.org/cti/stix/v2.0/csprd01/stix-v2.0-csprd01-comme....

Structured Threat Information Expression (STIX) is a language and serialization format used to exchange cyber threat intelligence (CTI). STIX enables organizations to share CTI with one another in a consistent and machine readable manner, allowing security communities to better understand what computer-based attacks they are most likely to see and to anticipate and/or respond to those attacks faster and more effectively. STIX is designed to improve many different capabilities, such as collaborative threat analysis, automated threat exchange, automated detection and response, and more.

In response to lessons learned in implementing previous versions, STIX has been significantly redesigned and, as a result, omits some of the objects and properties defined in STIX 1.2.1 (see STIX Version 1.2.1 Part 1: Overview at http://docs.oasis-open.org/cti/stix/v1.2.1/stix-v1.2.1-part1-overview.html). The objects chosen for inclusion in STIX 2.0 represent a minimally viable product (MVP) that fulfills basic consumer and producer requirements for CTI sharing. Objects and properties not included in STIX 2.0, but deemed necessary by the community, will be included in future releases.

STIX v2.0 is developed by the OASIS Cyber Threat Intelligence (CTI) TC. The CTI TC is developing information representations and protocols to help industries, organizations, and governments model, analyze, and share cyber threat intelligence.

STIX is published in five parts. The documents and related files are available here:

STIX Version 2.0
Committee Specification Draft 02 / Public Review Draft 02
03 May 2017

Part 1: STIX Core Concepts

Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part1-stix-core/stix-v2...

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part1-stix-core/stix-v2...

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part1-stix-core/stix-v2...

Part 2: STIX Objects

Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part2-stix-objects/stix...

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part2-stix-objects/stix...

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part2-stix-objects/stix...

Part 3: Cyber Observable Core Concepts

Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part3-cyber-observable-...

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part3-cyber-observable-...

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part3-cyber-observable-...

Part 4: Cyber Observable Objects

Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part4-cyber-observable-...

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part4-cyber-observable-...

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part4-cyber-observable-...

Part 5: Patterning

Editable source (Authoritative):
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part5-stix-patterning/s...

HTML:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part5-stix-patterning/s...

PDF:
http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part5-stix-patterning/s...

ZIP distribution file:

For your convenience, OASIS provides a complete package of the prose specification and related files in a ZIP distribution file. You can download the ZIP file here:

http://docs.oasis-open.org/cti/stix/v2.0/csprd02/stix-v2.0-csprd02.zip

Public Review Period:

OASIS and the CTI TC value your feedback. We solicit comments from potential users, developers and others, whether OASIS members or not, for the sake of improving the interoperability and quality of its technical work.

The public review starts 18 May 2017 at 00:00 UTC and ends 01 June 2017 at 11:59 UTC.

The specification was previously submitted for public review [2]. This 15-day review is limited in scope to changes made from the previous review. Changes are highlighted in:

Part 1: STIX Core Concepts: http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part1-stix-core/stix-v2...

Part 2: STIX Objects: http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part2-stix-objects/stix...

Part 3: Cyber Observable Core Concepts: http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part3-cyber-observable-...

Part 4: Cyber Observable Objects: http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part4-cyber-observable-...

Part 5: Patterning: http://docs.oasis-open.org/cti/stix/v2.0/csprd02/part5-stix-patterning/s...

Comments may be submitted to the TC by any person through the use of the OASIS TC Comment Facility which can be accessed via the button labeled "Send A Comment" at the top of the TC public home page, or directly at:

http://www.oasis-open.org/committees/comments/form.php?wg_abbrev=cti

Feedback submitted by TC non-members for this work and for other work of this TC is publicly archived and can be viewed at:

http://lists.oasis-open.org/archives/cti-comment/

All comments submitted to OASIS are subject to the OASIS Feedback License, which ensures that the feedback you provide carries the same obligations at least as the obligations of the TC members. In connection with this public review of 'STIX Version 2.0', we call your attention to the OASIS IPR Policy [3] applicable especially [4] to the work of this technical committee. All members of the TC should be familiar with this document, which may create obligations regarding the disclosure and availability of a member's patent, copyright, trademark and license rights that read on an approved OASIS specification.

OASIS invites any persons who know of any such claims to disclose these if they may be essential to the implementation of the above specification, so that notice of them may be posted to the notice page for this TC's work.

Additional information about this specification and the XLIFF TC may be found on the TC's public home page located at:

http://www.oasis-open.org/committees/cti/

========== Additional references:

[1] OASIS Cyber Threat Intelligence (CTI) TC
https://www.oasis-open.org/committees/cti/

[2] Previous public reviews:

30=-day public review, 08 March 2017:
https://lists.oasis-open.org/archives/members/201703/msg00000.html
- Comment resolution log:
http://docs.oasis-open.org/cti/stix/v2.0/csprd01/stix-v2.0-csprd01-comme...

[3] http://www.oasis-open.org/who/intellectualproperty.php

[4] http://www.oasis-open.org/committees/cti/ipr.php
https://www.oasis-open.org/policies-guidelines/ipr#Non-Assertion-Mode
Non-Assertion Mode

Associated TC: 
Cyber Threat Intelligence (CTI)