All,
Here is the complete list of inconsistencies I found. The ones in red text we talked about on the last working call.
- Malware Object - Name is optional, boolean is called is_family versus just "family"
  - We talked about name being optional and there are some good use cases for malware when you do not yet know a name, so optional really is key.
  - Is_Family is weird. We do not say "is_revoked" or "is_defanged". We should probably just call this "family".
- Indicator Object - Name is optional.
  - We talked about this and many people wanted it required, but we decided to keep it optional and add a normative SHOULD to say it should be filled out.
- Grouping Object - Name is optional.
  - Is there a reason why you would not have a name for this?
- Sighting Object - Does not have a description like the Relationship object.
  - Is there a reason why we would not want to have this?
- Marking Definition - Name is optional, there is no description defined.
  - We cannot really make name required at this point, since the defined TLP markings do not have it. I guess we could, but it would require some text to explain why the TLPs did not have it, but it is NOW required.
  - I am not sure why it does not have a description.
- Location Object - Does not have a name.
  - I am not sure why this is missing. It seems like you would want or need the ability to call a location something. "Joe's Internet Cafe". Further, this should probably be required.
- SCOs - spec_version is optional
  - Are we going to have problems because some SCOs have changed from 2.0 to 2.1?
Bret