[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-cybox] IP Address Notation (or: I Love CIDR When It's Talking About More Than One IP Address)
On 21.01.2016 14:38:52, John Anderson wrote: > > Yes, let's use ABNF for describing low-level machine-parsable > grammars. > STIX and CybOX are supposed to be machine-parsable grammars. That's the entire point! Now ABNF may be too low-level or not viable for JSON-Schema, as Ivan pointed out, but in defining these grammars we MUST address field-level input validation, both for basic interoperability and to avoid inviting crafted-input attacks due to parsing differentials between independent implementations. -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]