
cti-stix message



Subject: STIX 2.0 Proposal3: Add Alternative_IDs to all top level objects (#358, #187)


This also makes a lot of sense.  The one area I would caution is that these fields will never have a defined vocabulary (way too many tools and logic engines) and thus should always be treated as free form.  A few comments:


1) I would also say that the reference should be required and the definer would be optional.

2) I am not sure why the reference is a "URI object", I think it would be best if this was just a String object so as not to give any false ideas about what might be in this data field. 

3) We need to make sure we are consistent with plurality, meaning, when the label contains an array, we need to make sure the label name is plural.  So it should be "alternative_ids", not "alternative_id".

4) Can we look at abbreviations where they make sense or where they are common in IT/InfoSec today?  Namely, can we look at changing "alternative_id" to "alt_ids"?

5) I am not sure about the whole "indicator_type" field.  Maybe I just do not understand what you mean here, but right now I am thinking it is a bit weird. Can you give a more fleshed out example of what that would mean / look like?



Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


