ITU Feedback

[ejratl]

Review and accept/reject alterations that were requested by the ITU as described in the draft document.

• [x] Reference STIX Best Practices Guidelines
• [x] Remove references to government documents
• [x] Remove FireEye references
• [x] Remove links to Github, including links to cti-stix2-json-schemas
• [x] Remove reference to Lockheed Martin Kill Chain
• [x] Remove language considered pejorative
• [x] Remove references to STIX 2.0
• [x] Remove references to Casey documents
• [x] Remove ANTLR Grammar

[ejratl]

There is a request to remove the following: This section including vocabulary items and their descriptions is based on the Threat Agent Library publication from Intel Corp in September 2007 <>. This gives credit for the prior art in the field - if we remove the credit, do we need to also remove some of the vocabulary items?

[ejratl]

There is a request to remove the following: If objects are found where this property is not present, the implicit value for all STIX Objects other than SCOs is [stixliteral]#2.0#. This damages the understandability of parsing an object, so it should go into the Best Practices document as a note.

[ejratl]

Rather than removing the informative statement that actor types are not mutually exclusive, I would like to adapt it to change the types: -Actor types are not mutually exclusive: a threat actor can be both a disgruntled insider and a spy. <> +Actor types are not mutually exclusive: a threat actor can be both a disgruntled insider and a sensationalist.

[ejratl]

The PR includes the feedback referenced at the beginning of the document. A full scan of the document is still needed to look for other changes - for example, IANA Considerations was renamed to Considerations - do we want to make this change as well?