[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-comment] STIX 2.0 Relationship Comment
This appears to be a reasonable suggestion, however, a close analysis of the definition of the SDOs shows that the Indicator, as the fundamental element of
intelligence, focuses more on providing information to objectively describe or indicate a specific “Intrusion Set”, not a Vulnerability.
Dr Edilson Arenas, Ph.D.
P
Please consider the environment before printing this message. From: cti-comment@lists.oasis-open.org [mailto:cti-comment@lists.oasis-open.org]
On Behalf Of Mckay, Terrance L Upon review of the STIX 2.0 standard I have found what appears to be a missing relationship between the Indicator and Vulnerability objects. It would seem prudent that an "Indicator" object would be able to "indicate" a "Vulnerability".
However the draft standard does not list this as a defined type of relationship. I believe this is an important relationship for the standard, as being able to publish proactive indicators that indicate a vulnerability would be very beneficial to detect and
remediate a vulnerability before it is exploited by an adversary. Thanks for your consideration in adding this to the standard. Terrance McKay Critical Infrastructure Analyst Email:
Terrance.McKay@inl.gov |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]