Re: [cti-interoperability] possible work item

[Jerome Athias <athiasjerome@gmail.com>]

Yes. Meantime maybe the Interoperability TC could help somehow
identifying and inviting (outreach) some folks from related
efforts/projects, while they are more than 2 others, like IODEF,
OpenSOC, ...

2015-10-27 15:14 GMT+03:00 Kirillov, Ivan A. <ikirillov@mitre.org>:
> Jason Lewis from Looking Glass and perhaps some other OpenTPX folks are on
> the list, but I don’t believe there is anyone from Facebook. IMO, given that
> we’re working towards creating an OASIS standard, the onus is on them to
> come participate in the discussions and share their ideas.
>
> Regards,
> Ivan
>
> From: <cti-interoperability@lists.oasis-open.org> on behalf of Jerome Athias
> Date: Tuesday, October 27, 2015 at 8:07 AM
> To: Mark Davidson
> Cc: Jason Keirstead, "terry@soltra.com", Bret Jordan,
> "cti-interoperability@lists.oasis-open.org"
>
> Subject: Re: [cti-interoperability] possible work item
>
> I concur
> Btw I would expect to have some representatives of these efforts already on
> this mailinglist. ?
> Otherwise we should invite them
>
> On Tuesday, 27 October 2015, Davidson II, Mark S <mdavidson@mitre.org>
> wrote:
>>
>> My personal preference would be to work with them to all use the same
>> thing vs. having some form of mapping across them. To me, this means that we
>> would need to be open to accepting ideas from e.g., ThreatExchange and
>> OpenTPX (Note: I’ve taken a quick look and I think there are good things to
>> learn from both). I’ve said this privately to some already: I think
>> ThreatExchange, OpenTPX, et al should be treated as allies in solving the
>> problem of information sharing.
>>
>>
>>
>> Thank you.
>>
>> -Mark
>>
>>
>>
>> From: cti-interoperability@lists.oasis-open.org
>> [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jason
>> Keirstead
>> Sent: Monday, October 26, 2015 4:32 PM
>> To: terry@soltra.com
>> Cc: athiasjerome@gmail.com; bret.jordan@bluecoat.com;
>> cti-interoperability@lists.oasis-open.org; Davidson II, Mark S
>> <mdavidson@mitre.org>
>> Subject: Re: RE: [cti-interoperability] possible work item
>>
>>
>>
>> It might help to get you 50% of the way, but the other 50% is the much
>> longer pole.
>>
>>
>>
>> -
>> Jason Keirstead
>> Product Architect, Security Intelligence, IBM Security Systems
>> www.ibm.com/security | www.securityintelligence.com
>>
>> Without data, all you are is just another person with an opinion - Unknown
>>
>>
>>
>>
>>
>> ----- Original message -----
>> From: Terry MacDonald <terry@soltra.com>
>> Sent by: <cti-interoperability@lists.oasis-open.org>
>> To: "Davidson II, Mark S" <mdavidson@mitre.org>, Jerome Athias
>> <athiasjerome@gmail.com>, "Jordan, Bret" <bret.jordan@bluecoat.com>
>> Cc: "cti-interoperability@lists.oasis-open.org"
>> <cti-interoperability@lists.oasis-open.org>
>> Subject: RE: [cti-interoperability] possible work item
>> Date: Mon, Oct 26, 2015 1:18 PM
>>
>>
>> As a quick throwaway question – would moving to JSON-LD help us ‘map’ our
>> data to OpenTPX or ThreatExchange? My thoughts are that if all three parties
>> can agree to use JSON-LD then it becomes VERY easy to translate the data
>> from one JSON format to another.
>>
>>
>>
>> Cheers
>>
>>
>>
>> Terry MacDonald
>>
>> Senior STIX Subject Matter Expert
>>
>> SOLTRA | An FS-ISAC and DTCC Company
>>
>> +61 (407) 203 206 | terry@soltra.com
>>
>>
>>
>>
>>
>> From: cti-interoperability@lists.oasis-open.org
>> [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Davidson II,
>> Mark S
>> Sent: Tuesday, 27 October 2015 12:25 AM
>> To: Jerome Athias <athiasjerome@gmail.com>; Jordan, Bret
>> <bret.jordan@bluecoat.com>
>> Cc: cti-interoperability@lists.oasis-open.org
>> Subject: RE: [cti-interoperability] possible work item
>>
>>
>>
>> (This is really just a somewhat different framing, but I’ll put it in my
>> own words)
>>
>>
>>
>> I’d like to propose that the interoperability SC maintain awareness of
>> related efforts and promote collaboration between the CTI TC and related
>> efforts wherever possible. Specifically, I feel that treating e.g., OpenTPX
>> and ThreatExchange as friendly will be mutually beneficial.
>>
>>
>>
>> I realize this probably pushes the boundary of the term interoperability;
>> if it doesn’t fit in the interop SC, maybe it’s just something we take on at
>> the TC level.
>>
>>
>>
>> Thank you.
>>
>> -Mark
>>
>>
>>
>> From: cti-interoperability@lists.oasis-open.org
>> [mailto:cti-interoperability@lists.oasis-open.org] On Behalf Of Jerome
>> Athias
>> Sent: Friday, October 23, 2015 2:16 PM
>> To: Jordan, Bret <bret.jordan@bluecoat.com>
>> Cc: cti-interoperability@lists.oasis-open.org
>> Subject: Re: [cti-interoperability] possible work item
>>
>>
>>
>> Yeah. At the same time they could be easily challenged, because frankly
>> speaking (Sean could kick my ass), I don't need a new-cool-fancy format to
>> get dshield and malware domains lists integrated in my SIEM. CSV is fine
>>
>> On Friday, 23 October 2015, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
>>
>> One thing I would like to see this group work on is:
>>
>>
>>
>> * Outreach...  Meaning I would like to have us do outreach to the new
>> OpenTPX group and the Facebook ThreatExchange group and see what kind of
>> give-n-take would be needed for us to combine efforts.
>>
>>
>>
>> From looking at it, I am guessing that each group would need to give a
>> little. But I think a unified solution would be greater than the sum of the
>> parts.  Yes, it will challenge some of the things we have done in STIX, but
>> some of the things in OpenTPX and FB ThreatExchange are neat.  And we should
>> really look in to doing them.
>>
>>
>>
>>
>>
>> Thanks,
>>
>>
>>
>> Bret
>>
>>
>>
>>
>>
>>
>>
>> Bret Jordan CISSP
>>
>> Director of Security Architecture and Standards | Office of the CTO
>>
>> Blue Coat Systems
>>
>> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
>>
>> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that
>> can not be unscrambled is an egg."
>>
>>
>>
>>
>> --------------------------------------------------------------------- To
>> unsubscribe from this mail list, you must leave the OASIS TC that generates
>> this mail. Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php