OASIS Mailing List Archives

cti-stix message


Subject: Re: [cti-stix] STIX Indicator Proposal


On 09.06.2017 07:51:46, Terry MacDonald wrote:
> I'm not really a fan of this approach. We spent a long time
> separating the observed data or so that it recorded what has
> happened, and the indicator, which recorded what to look for.
> 

While I applaud Gary's creativity in the approach he suggested, I
agree with Terry's assessment. Going down this path would reopen The
Great Arglebargle Debate of 2016, which would be counter-productive to
say the least.

(Which is not to say that there isn't a useful kernel in Gary's
suggested approach, provided we can find a way of maintaining the
clear delineation between Observed Data and Indicators.)

This whole conversation started over perceived overlap between
Malware/Infrastructure and Indicators. I don't think that we have a
clear problem statement we'd all agree on yet. Until we have a clear
common understanding of the problem we're trying to solve we will
continue talking past one another.

Let's make defining that clear problem statement the primary objective
of today's TC working call.

-- 
Cheers,
Trey
++--------------------------------------------------------------------------++
Kingfisher Operations, sprl
gpg fingerprint: 85F3 5F54 4A2A B4CD 33C4  5B9B B30D DD6E 62C8 6C1D
++--------------------------------------------------------------------------++
--
"There is absolutely no inevitability, so long as there is a
willingness to contemplate what is happening." --Alfred North
Whitehead
