ITU Feedback #322

Closed
9 tasks done
ejratl opened this issue Mar 29, 2024 · 4 comments

ejratl commented Mar 29, 2024

Review and accept/reject alterations that were requested by the ITU as described in the draft document.

  • Reference STIX Best Practices Guidelines
  • Remove references to government documents
  • Remove FireEye references
  • Remove links to GitHub, including links to cti-stix2-json-schemas
  • Remove reference to Lockheed Martin Kill Chain
  • Remove language considered pejorative
  • Remove references to STIX 2.0
  • Remove references to Casey documents
  • Remove ANTLR Grammar

ejratl commented Mar 29, 2024

There is a request to remove the following:
This section including vocabulary items and their descriptions is based on the Threat Agent Library publication from Intel Corp in September 2007 <<Casey_2007>>.
This gives credit for the prior art in the field - if we remove the credit, do we need to also remove some of the vocabulary items?

ejratl commented Mar 29, 2024

There is a request to remove the following:
If objects are found where this property is not present, the implicit value for all STIX Objects other than SCOs is [stixliteral]#2.0#.
This damages the understandability of parsing an object, so it should go into the Best Practices document as a note.

ejratl commented Mar 29, 2024

Rather than removing the informative statement that actor types are not mutually exclusive, I would like to adapt it to change the types:
-Actor types are not mutually exclusive: a threat actor can be both a disgruntled insider and a spy. <<Casey_2007>>
+Actor types are not mutually exclusive: a threat actor can be both a disgruntled insider and a sensationalist.
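
Review bot: the + line drops the <<Casey_2007>> citation in addition to replacing "spy" with "sensationalist", while the comment above describes only changing the types. If removing the citation is intended as part of the request to remove Casey references, state that here so the wording change and the citation removal can be accepted or rejected separately.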

ejratl commented Mar 29, 2024

The PR includes the feedback referenced at the beginning of the document. A full scan of the document is still needed to look for other changes - for example, IANA Considerations was renamed to Considerations - do we want to make this change as well?

ejratl closed this as completed in d17c434 Apr 12, 2024
ejratl added a commit that referenced this issue Apr 12, 2024