The long-awaited STIX 2.0 and TAXII 2.0 OASIS Committee Specifications are available as of July 7th, 2017. Passage by a vote of 80% the eligible voters of the Cyber Threat Intelligence Technical Committee (CTI TC) of OASIS made this benchmark in Internet history possible. A useful analogy from recent scientific innovation might be the complete mapping of the human genome, completed in 2003, as explained at the Human Genome Project site. Only, in the case of the Structured Threat Indicator eXchange (STIX) model we have created data objects to map the threat landscape in cyberspace.
For vendors developing products in the STIX 2.0 space, this herald’s a busy time when existing products will be updated from the XML-based 1.x standard to the 2.0-based JSON standard. Its sister standard, the Trusted Automated eXchange for Indicator Information (TAXII) works hand-in-glove with STIX 2.0 and will be used by may ISACs and ISAOs throughout the world for cyber threat intelligence sharing. There’s something happening here. Watch for it.