Standards are essential; without them, the internet would not exist. In open source, organisations like the Linux Foundation drive such standards, as seen with OpenTelemetry, now widely adopted despite early scepticism. In cybersecurity, STIX/TAXII plays a similar role. Though often criticised, it remains vital, particularly for cyber threat intelligence and detection rule sharing. Its value extends beyond technical integration to fostering collaboration, a key element in strengthening the detection chain. This presentation explains why STIX/TAXII is crucial for collaboration, how it accelerates processes, and the insights it enables. It also addresses its limitations and highlights how the National Cyber Security Centre is helping improve the standard. The aim is to enhance efficient intelligence sharing, maximise its impact, and encourage broader vendor adoption.
