cti-stix message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: Allan Thomson <athomson@lookingglasscyber.com>
- Date: Tue, 2 Oct 2018 09:14:21 -0300
Hi Allen - yes I confirm that is my intention.
My suggestion was to go *from* the process, *to* the vulnerability, with
the verb "vulnerable_to"
We could just as easily use the name
"has_vulnerability" - it does not matter to me. Which does the
TC prefer?
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown
From:
Allan Thomson <athomson@lookingglasscyber.com>
To:
Jason Keirstead <jason.keirstead@ca.ibm.com>,
"cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date:
10/02/2018 05:45 AM
Subject:
Re: [cti-stix]
Two Minor 2.1 STIX Proposals
Jason - should the relationship not be named âhas_vulnerabilityâ
rather than vulnerable to?
Example:
The telnet software version 11.2 has vulnerability CVE
#1-23-5
Please confirm that your intention is to relate the software
to known vulnerabilities detected for that software version.
Thanks
Allan Thomson.
CTO, lookingglass cyber solutions.
Www.lookingglasscyber.com.
This electronic message transmission contains information from LookingGlass
Cyber Solutions, Inc. which may be attorney-client privileged, proprietary
and/or confidential. The information in this message is intended only for
use by the individual(s) to whom it is addressed. If you believe that you
have received this message in error, please contact the sender, delete
this message, and be aware that any review, use, disclosure, copying or
distribution of the contents contained within is strictly prohibited.
From: cti-stix@lists.oasis-open.org
<cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Sent: Saturday, September 29, 2018 1:48:34 AM
To: cti-stix@lists.oasis-open.org
Subject: [cti-stix] Two Minor 2.1 STIX Proposals
I would like to submit the following
two minor proposals for 2.1...
- The addition of a "software_ref" property to the "Process"
cyber observable object. This would allow one to encode what piece of software
a given process is for (which you can then tie to CPE and do many things
with)
- A defined relationship type of "vulnerable_to" to be
added from observed_data to vulnerability. This would allow
you to say that a given process, system, or software was vulnerable to
a certain vulnerability.
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]