OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-stix message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-stix] relationships

So what you're describing is basically the importance of Semantics,
and the Triples concept.
https://en.wikipedia.org/wiki/Semantic_Web

That is explained, for example, in this paper (pointed out by Shawn Riley)
http://ebiquity.umbc.edu/_file_directory_/papers/781.pdf

PS: you, hopefully, would understand the frustration of those who
identified and understood this issue/point 1+ year ago, and where
advocating for an Ontology/Semantic direction (like with JSON-LD) of
CTI just to make our life easier and to save time and effort for the
success and quality of the work of this group.
I hope that we did not waste the past 8+ months for realizing that
"semantic matters"

Best regards


On Fri, Jul 15, 2016 at 8:33 AM, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
> I took a hard look at the relationships we have defined so far, and really
> tried to question each one.  I made a lot of comments in the docs for us to
> review.  I focused on what is the relationship trying to say, and does it
> make since in both directions.  What I came up with is that in some cases it
> does make since in both directions, however, what you are trying to say is
> actually different.
>
> I guess it all comes down to what you are starting with, and what you are
> trying to say about that which you started with.  Take the example of an
> Indicator linking to a Campaign.
>
> 1) If you start with the Campaign, you might say that that "This Campaign is
> [detectable-by] this Indicator"
>
> 2) If you start with the Indicator, you might say, that "This Indicator
> [can-detect] this Campaign" or "This Indicator [indicates] the presence of
> this Campaign".
>
> So it really depends on what you have to start with, and what you are trying
> to say.  So for some of these, we may actually need to define the
> relationships both ways.
>
>
> Thanks,
>
> Bret
>
>
>
> Bret Jordan CISSP
> Director of Security Architecture and Standards | Office of the CTO
> Blue Coat Systems
> PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
> "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can
> not be unscrambled is an egg."
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]