cti-cybox message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [cti-stix] Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working Call
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Allan Thomson <athomson@lookingglasscyber.com>
- Date: Wed, 9 Aug 2017 14:35:00 -0300
That said... I would be extremely strongly
against requiring IEP in any interoperability profile.
Data markings have many uses, but there
are entire swaths of the cybersecurity space to which they are simply not
applicable. There is no way we can mandate marking support in interoperability
testing without excluding whole segments of the market.
-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
Without data, all you are is just another person with an opinion - Unknown
From:
Allan Thomson <athomson@lookingglasscyber.com>
To:
Bret Jordan <Bret_Jordan@symantec.com>,
"Back, Greg" <gback@mitre.org>
Cc:
"cti-stix@lists.oasis-open.org"
<cti-stix@lists.oasis-open.org>, "cti-cybox@lists.oasis-open.org"
<cti-cybox@lists.oasis-open.org>
Date:
08/08/2017 12:51 AM
Subject:
[cti-stix] Re:
[cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda
for August 8 Working Call
Sent by:
<cti-stix@lists.oasis-open.org>
We have not finished interop test specification
for STIX 2.0 so until we have done that, it’s premature to be talking
about what STIX 2.1 interop will or will not do.
Part 1 ballot is still outstanding.
Getting the TC to focus on Interop 2.0 is hard enough.
Allan
Thomson
CTO
+1-408-331-6646
LookingGlass
Cyber Solutions
From: OASIS list <cti-cybox@lists.oasis-open.org>
on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Monday, August 7, 2017 at 7:58 PM
To: "Back, Greg" <gback@mitre.org>
Cc: "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>,
OASIS list <cti-cybox@lists.oasis-open.org>
Subject: Re: [cti-cybox] Re: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox]
Agenda for August 8 Working Call
Those are good questions. The
specification will not mandate, or I hope will not mandate, the use of
IEP, but is the interop SC going to mandate it in their profiles?
Bret
Sent from my iPhone
On Aug 7, 2017, at 7:46 PM, Back, Greg <gback@mitre.org>
wrote:
As long as we aren’t mandating all
consumers (and producers, though I’m more worried about consumers) to
implement IEP, I’m fine with this. I’m also fine with using interoperability
to promote the use of IEP, and (hopefully) letting market forces make IEP
used universally.
On 2017-08-07, 19:01 UTC, "cti-stix@lists.oasis-open.orgon behalf of Struse, Richard J." <cti-stix@lists.oasis-open.orgon behalf of rjs@mitre.org>
wrote:
Meant to say: “…that we are NOTrequiring IEP nor…”
From: <cti-stix@lists.oasis-open.org>
on behalf of Richard Struse <rjs@mitre.org>
Date: Monday, August 7, 2017 at 2:59 PM
To: Bret Jordan <Bret_Jordan@symantec.com>,
"Wunder, John A." <jwunder@mitre.org>,
"cti-stix@lists.oasis-open.org"
<cti-stix@lists.oasis-open.org>,
"cti-cybox@lists.oasis-open.org"
<cti-cybox@lists.oasis-open.org>
Subject: [cti-stix] Re: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for
August 8 Working Call
Since we began this work there has been
a clear recognition that TLP, while useful, isn’t sufficient to represent
the sorts of policy expressions that are required to truly enable CTI sharing
ecosystems. The FIRST community is exactly the sort of hands-on community
best suited to develop such policy frameworks and it doesn’t seem like
there are any competing policy frameworks under consideration. Given
that, and the fact that we are requiring IEP nor are we “tying” STIX
to IEP (or vice-versa), it seems worthwhile to do the work necessary to
figure out how to best support those communities that wish to use IEP.
Is there anyone actively opposed to
the TC figuring out how we might support IEP?
From: <cti-cybox@lists.oasis-open.org>
on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Monday, August 7, 2017 at 2:45 PM
To: "Wunder, John A." <jwunder@mitre.org>,
"cti-stix@lists.oasis-open.org"
<cti-stix@lists.oasis-open.org>,
"cti-cybox@lists.oasis-open.org"
<cti-cybox@lists.oasis-open.org>
Subject: [cti-cybox] Re: [EXT] [cti-cybox] Agenda for August 8 Working
Call
On the IEP front, we need to make sure
the TC wants to do it before we figure out how we should do it. I
would love to see some discussion over email first, before we tackle it
on a working call that only has a subset of the membership. In other
words, a working call is not a good place to decide "if" we should
do something. It is a great place to figure out "how" we
should do it, once the TC has sufficiently debated and decided to do it.
Bret
From: cti-cybox@lists.oasis-open.org<cti-cybox@lists.oasis-open.org>
on behalf of Wunder, John A. <jwunder@mitre.org>
Sent: Monday, August 7, 2017 9:11 AM
To: cti-stix@lists.oasis-open.org;
cti-cybox@lists.oasis-open.org
Subject: [EXT] [cti-cybox] Agenda for August 8 Working Call
All,
We have three topics for the working
call this week:
1. Continue work
on DNS Request/Response
2. Continue work
on Location, in particular discuss ISO 3166
3. Discuss inclusion
of IEP (how we should do it)
John
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]