[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Motion to accept Report, Attack Pattern, Campaign, Controlled Vocabulary, Open Vocabulary, Vocabulary Extension, String, External References, and Kill Chain Phase as Consensus
That is what we had before, however, after a lot of debate and discussion, we decided to go this route.... An "open-vocabulary" is just a string field that is somewhat known so it has some suggested values. You do not need to use the suggested items at all if you do not want to. More importantly, the field is not used for validation. A "controlled-vocabulary" is an actual vocabulary where the values are well known or well understood. This field can be used in validation checks. The "vocabulary-extension" option is a way to extend this controlled vocabulary to another well known and well defined vocabulary. So while they both share the term "vocabulary" one is a vocabulary and one is a string field with suggested values. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]