[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: Embedded Content vs Referenced Content
Good points John. To be clear I do not believe there is really a problem for producers. The problem I am trying to address is for consumer. Doing as Aharon has suggested in STIX 2.0 would greatly decrease the complexity for a consumer. This proposal along with others, can really move the needle and help us gain adoption. Here is a thought exercise to illustrate some of the problems we face. Imagine 20 very desperate producers of STIX & CybOX content and a single consumer, where some level of trust exists between all parties. The consumer gets a series of arbitrary STIX 1.2 + CybOX documents from the producers where the content can containing some or all of the idioms. Keep in mind the enormous amount of optionality, the multiple ways of doing things in STIX and CybOX, and the ideas that some content can be embedding or referencing when thinking about this. Now start writing a decision tree in code, say in C or C++, to process these arbitrary STIX documents to pull something actionable from them. If you do not write code, this may appear to be easy, so ask one of your developers to help you. I strongly support the ideas that Aharon has called out below for STIX 2.0. I would also challenge the community to look for ways to reduce optionality and honestly adopt core values of "simplicity" and "one way of doing things". Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]