[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Re: [EXT] Re: [cti-stix] Possible solution to conundrum of how to do patterns for Infrastructure and Malware
I agree with Trey – I think this is a non-starter, unless we wish to re-architect significant portions of STIX 2.0. Is anyone really wishing for this?
-Ivan
On 5/25/17, 10:39 AM, "Trey Darley" <cti-stix@lists.oasis-open.org on behalf of trey@kingfisherops.com> wrote:
On 25.05.2017 13:14:58, Jason Keirstead wrote:
>
> I am also not sure what having observables as TLOs gains you. I
> think it would make things quite messy actually and not contribute
> to solving this problem...
>
While I was initially supportive of making STIX Observables (CybOX at
the time) into first-class TLOs during The Great Arglebargle Debate of
2016, doing so at this point would require a *significant* reworking
of STIX 2.0, Parts 3-5. Making such a radical change this late in the
process are negligible when compared to the impact of delaying STIX
2.0 by some months.
I recommend tabling the discussion of making Observables TLOs until
STIX 3.0.
--
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4 5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"Good, Fast, Cheap: Pick any two (you can't have all three)." --RFC 1925
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]