Re: [cti-stix] [cti-users] MTI Binding

["Jordan, Bret" <bret.jordan@bluecoat.com>]

While I no longer consider myself a true academic, one thing is for sure, I am not a professional data modeler.  Debating the values of OWL or UML is not interesting to me, sorry.  What I care about, and the whole reason I started the JSON debate 18+ months ago and have been pushing so hard for JSON, is market adoption.  

If we do not gain wide spread adoption / get across the chasm and go mainstream then it really does not matter how neat and cool our data model is.  Yes there will also be some people / groups that will use it, there are people still using IODEF, OpenIOC, VERIS, CIF, MILE, OTX, etc, but we run the risk of some YACS gaining massive market share and becoming de facto standard.  

My vision for STIX and TAXII is:

1) One-way of doing things

2) Simple to understand and easy to use

a) Reduce the cost of entry for organization to implement, use, and work with STIX and TAXII

3) Very fluid and easy transport of CTI between users, groups, orgs, devices, and products.

a) A transports that allows tools to be written that mimic and enhance the workflow of security analysts today

4) Powerful model that can allow very expressive capture of threats

Thanks,

Bret

Bret Jordan CISSP

Director of Security Architecture and Standards | Office of the CTO

Blue Coat Systems

PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

On Oct 2, 2015, at 18:45, Jane Ginn <jane.ginn@gmail.com> wrote:

Hi All:

While reading through this thread it occurred to me that the JSON-LD suggestion represents a significant shift in the level at which we are approaching the problem set. Cory has long been arguing for us to shift our focus to a semantic model that can serve as a language agnostic approach to solving the CTI sharing problem. Bret has been pushing for JSON as a tool to help us achieve more wide spread adoption. We currently have bindings in XML and Python... but no MTI for moving forward with STIX 2.0.

JSON-LD appears to address several of our issues at a higher level of abstraction.

I'm also intrigued by the potential, from the POV of STIX cosumers, at how PMML can be deployed seamlessly to use wire speed data on attacks for predictive modelling... or at least deploying the myriad of tools for predictive modelling. I expect this is an area of white space in the market that will be picked up by a vendor and developed as an enterprise solution. We just need to get the front end right for the integration.

Jane Ginn
Cyber Threat Intelligence Network

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail