cti-stix message
Subject: "Assertion" object and Working Call
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: cti-stix@lists.oasis-open.org
- Date: Mon, 11 Dec 2017 12:02:09 -0400
Hello all. On the working call this week, we are going to be attempting to bring the discussion around "Assertion" to a close.

As a reminder, here is a link to the current up-to-date proposal: https://docs.google.com/document/d/15qD9KBQcVcY4FlG9n_VGhqacaeiLlNcQ7zVEjc8I3b4/edit#heading=h.qxvz3vox3ksj

There were two remaining points of concern after the last working call:

- There was a request by some participants to rename the object, but there were few proposed alternatives. The only suggestion I have seen thus far is re-naming the object itself to threat_level. The reason we went with a neutral term from the beginning is because in the future you will probably want to assert *other* things that do not have to do with threat - for example, categories for URLs etc. So myself I would not like a name with the word “threat” in it. Keeping that in mind, if you are a stakeholder who wants this object to be renamed, please bring some suggestions to the working call.
- There is a suggestion about valid_from and valid_to. Neither of these is in the document currently.
  - There was a discussion around if these fields are needed when STIX versioning is taken into account... i.e. shouldn't assertions in the past have been expressed via previous versions of the object.
  - If kept, there was a request to rename valid_from and valid_until to align with start_time and end_time to align with some other STIX objects.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown