-
Notifications
You must be signed in to change notification settings - Fork 7
STIX 2.0 Round 1 Strawman Proposals
This set of independent but integrated proposals are a contribution by STIX SC experts rather than any sort of authoritative contribution from the co-chairs.
The STIX 2.0 Round 1 Strawman proposals include 18 proposals covering 22 tracker issues including:
- 6 Top Ten Roadmap issues (#306, #148, #291, #221, #201, #360)
- 16 other issues
All proposed changes across the entire set of proposals currently exist in a STIX 2.0 Round 1 Strawman model derived from the STIX 1.2.1 model with deltas attributable to the issues covered in the proposals.
Due to the interdependencies and interactions between the changes for different issues each proposal, its proposed model fragments and its JSON serialization example snippets will often include changes from other issues and proposals.
The JSON example snippets provided in the proposals are intended to be illustrative rather than normative. Style can easily change, type and property names need a naming convention consistency pass across entire model, kept as simple as possible, and there are likely errors here and there.
It is our intent to provide JSON Schema serialization snippets in addition to the JSON serialization example snippets. We have not had time to pull them together yet. Assistance would be appreciated.
The STIX 2.0 Round 1 Strawman draft UML model is available in the ?? branch of the specifications repository.
We will tackle these proposals in discussions on the cti-stix list but also please feel free to register your thoughts and feedback within the relevant issues within the STIXProject/Schemas tracker on github.
Links to Proposals:
- STIX 2.0 Proposal1 : Extend core constructs from a single base class (#148)
- STIX 2.0 Proposal2 : Make IDs required (#221)
- STIX 2.0 Proposal3: Add Alternative_IDs to all top level objects (#358, #187)
- STIX 2.0 Proposal4: Remove Short_Description (#194)
- STIX 2.0 Proposal5 : Abstract Source to top level construct rather than embedded only within other constructs (#233)
- STIX 2.0 Proposal6 : Remove the @id@idref attribute from some constructs (#336)
- STIX 2.0 Proposal7 : Make Observable structure align with other components (#160)
- STIX 2.0 Proposal8 : Remove either embedded or referenced relationships (#201)
- STIX 2.0 Proposal9 : Abstract relationships as top level constructs rather than embedded within other constructs (#291)
- STIX 2.0 Proposal10 : Make field names consistent for usages of Information Source (#263)
- STIX 2.0 Proposal11 : Abstract Sightings into an independent construct rather than embedded within Indicator (#306)
- STIX 2.0 Proposal12 : Clarify semantics of different types of TTPs as expressed in the TTP construct (#360)
- https://github.com/STIXProject/specifications/wiki/STIX-2.0-Proposal12-:-Clarify-semantics-of-different-types-of-TTPs-as-expressed-in-the-TTP-construct-(%23360)
- STIX 2.0 Proposal13 : Refactor Kill Chain Types (#117, #191, #241, #190, #47)
- STIX 2.0 Proposal14 : Flatten list layers in Package (#382)
- STIX 2.0 Proposal15 : Remove abstract base types for "top level" objects (#386)
- STIX 2.0 Proposal16 : Refactor Report Object (#385)
- STIX 2.0 Proposal17: Clarify semantics of different types of Exploit Targets as expressed in the Exploit Target construct (#387)
- STIX 2.0 Proposal18: Abstract Victim to top level construct rather than embedded only within Incident and TTP (#149)