[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
Hey, Jason - I think your suggestions are entirely sensible. They add semantic value, are trivial to implement, and don't break anything in the specs. Unless someone voices a substantive suggestion, I move that we incorporate your suggestions in the next STIX CSD. Cheers, Trey On 28.09.2018 20:48:34, Jason Keirstead wrote: > I would like to submit the following two minor proposals for 2.1... > > - The addition of a "software_ref" property to the "Process" cyber > observable object. This would allow one to encode what piece of software a > given process is for (which you can then tie to CPE and do many things > with) > > - A defined relationship type of "vulnerable_to" to be added from > observed_data to vulnerability. This would allow you to say that a given > process, system, or software was vulnerable to a certain vulnerability. > > - > Jason Keirstead > Lead Architect - IBM.Security > www.ibm.com/security > > "Things may come to those who wait, but only the things left by those who > hustle." - Unknown > > -- ++--------------------------------------------------------------------------++ Director of Standards Development, New Context gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338 ++--------------------------------------------------------------------------++ -- "No campaign plan survives first contact with the enemy." --Helmuth Graf von Moltke
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]