oasis-open / cti-stix-common-objects

OASIS Cyber Threat Intelligence (CTI) TC: A repository for commonly used STIX objects in order to avoid needless duplication. https://github.com/oasis-open/cti-stix-common-objects
BSD 3-Clause "New" or "Revised" License

Adding initial version of incident_core for public review #10

Closed (dc3-tsd closed 2 years ago)

dc3-tsd commented 3 years ago

This is adding a proposed 0.2.2 version of a STIX Incident Core property extension for public review and consideration along with several examples of ways this extension can be used for reporting and tracking Incident information.

DC3 does not yet consider this fully stable as only internal testing has been performed against it, and it has not yet completed a public review.

rpiazza commented 3 years ago

Hi @DC3-DCCI,

One of the things we want to require is a Word document à la the specification describing the extension. You should be able to c & p the Incident stub doc from the spec Word doc as a starting point (https://docs.oasis-open.org/cti/stix/v2.1/os/stix-v2.1-os.docx).

dc3-tsd commented 3 years ago

Thanks, we will get something drafted and hope to have it ready for review in the next three weeks.

rpiazza commented 3 years ago

Hi @DC3-DCCI

Just had a chance to look at the new additions. It isn't a good idea to use "type" as a property name, since it is kinda a "reserved word" in the STIX spec. Here is some normative text from section 7.3:

"This extension mechanism MUST NOT be used to redefine existing standardized objects or properties"

Also if you want TC members to do a proper review, they need "spec"-like documentation.

dc3-tsd commented 3 years ago

Thanks, we will adjust the terms used for these. We do apologize about not being able to share out the Word document on GitHub yet. Some of the definitions for open vocabulary items are still undergoing review.