Subject: Re: [cti-cybox] CybOX Object Selection
On 02.02.2016 13:44:00, Jason Keirstead wrote:
> ". Maybe what we really need is a “malware analysis” subset, a “digital
> forensics” subset, etc."
>
> Yep that is what I am saying I suppose.
>
> Cybox Base
> Cybox Network
> Cybox Digital Forensics
> Cybox Malware
>
> That way a product can more easily specify what they support. And,
> people looking for products can more easily align expectations.
>

Hey, Jason -

This is precisely the approach Ivan and I intend to pursue in point releases to 3.0. The idea for 3.0 is, let's get the core CybOX abstract type definitions right and refactor the set of core MVP Observable types selected. Then, say, for 3.1, we as a community decide to prioritize the digital forensics domain. So we'll pull together a constituency of subject matter experts to guide the creation / refactoring of additional Observable types focused on digital forensics use cases.

In parallel to the ongoing 3.0 effort, I'd like to see us:

0) Assemble a list of use case categories a la:
   * network
   * digital forensics
   * malware analysis
   * mobile
   * virtualization
   * ...
1) Prioritize that list to produce a point release roadmap.
2) Work to identify subject matter experts to guide those discussions, reach out, get them on board, and execute the timeline.

Thoughts?

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"For all resources, whatever it is, you need more."
--RFC 1925