Attached is the MTI Evaluation Criteria Matrix I was referring to in the
previous post. Corrections, adjustments, revisions welcome.
On 10/19/2015 8:33 AM, Jerome Athias wrote:
> Thank you very much Jane for this effort and sharing information.
>> Hi STIX Subcommittee Members:
>> I've been reading with great interest the ongoing debate about establishing
>> a Mandatory To Implement (MTI) binding for moving us forward on STIX 2.0.
>> Before Sean suggested that we table it for a while he had made the point
>> that we need to take 4 keys steps to move discussions forward in a
>> systematic way. I'll paraphrase here.
>> We need to establish:
>> 1) Requirements and evaluation criteria for selecting an MTI binding;
>> 2) Binding options (capabilities & limitations);
>> 3) A review process to determine how each option would/could meet our
>> evaluation criteria; and
>> 4) A way to guage the priorities and preferences of our members.
>> To advance this agenda I have begun to put together a matrix (see attached)
>> to capture the following:
>> HORIZONTAL AXIS: Evaluation criteria gleaned from the substantive
>> discussions. [Item 1, above]
>> VERTICAL AXIS: Technology stack as characterized by Sean, Cory, Shawn and
>> others. [Refinement to Item 1, above]
>> MATRIX CELLS: Candidate technologies that I have heard mentioned by members
>> of the TC and other interested parties. [Item 2, above]
>> Note that this is just a first cut. I'm offering it here as a potential
>> framework (straw man) for advancing these discussions in a manner that will
>> help us reach a concensus sooner, rather than later. I challenge those of
>> you with an interest in this matter to edit this matrix liberally to help
>> make it really reflect group think. Perhaps it should be added to the wiki
>> for that; which might address Item 3, above.
>> Note that I also acknowledge that any MTI selected for STIX must also
>> accommodate the needs of CybOX. A similar sort of matrix could be
>> constructed for that MTI selection process, if needed.
>> To address Item 4 I'd like to suggest a Survey Monkey survey that captures
>> some of the ideas that get flushed out in the matrix and gives us a
>> quantitative guage of member preferences.
>> All for now,
>> Jane Ginn, MSIA, MRP
>> Cyber Threat Intelligence Network, Inc.