cti-stix message

Subject: Re: [cti-stix] Re: Object ID format

From: John Anderson <janderson@soltra.com>
To: Trey Darley <trey@soltra.com>
Date: Thu, 21 Jan 2016 14:51:01 +0000

Trey,

I agree with this thought: "Threat intel is less than worthless if your adversary knows what you know." I'm not suggesting we put all our Resources in the clear with no Authorization/Authentication. That would indeed be stupid.

However, end-to-end encryption and Auth/Auth is a solved problem for web apps. Even Federated Identity, if we want to use it. (SAML 2.0, OpenID, etc.) We can absolutely share objects via the web without the Bad Guys finding out.

So, about "Wholesale webification of CTI is no panacea."...yes and no. Sure, the Web is no panacea. BUT...It would be unbelievably freeing to have a URL for every Object. Then, if you want to know more, just browse to it! (Assuming the publisher's server is accessible to you.)

JSA

Follow-Ups:
- Re: [cti-stix] Re: Object ID format
  - From: Trey Darley <trey@soltra.com>
- Re: [cti-stix] Re: Object ID format
  - From: "Barnum, Sean D." <sbarnum@mitre.org>

References:
- Object ID format
  - From: Terry MacDonald <terry@soltra.com>
- Re: Object ID format
  - From: John Anderson <janderson@soltra.com>
- Re: [cti-stix] Re: Object ID format
  - From: Trey Darley <trey@soltra.com>