I generally prefer names that read well and sound like they do in the real world.
Bret
Sent from my Commodore 128D
PGP
Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
Hi Allen - yes I confirm that is my intention. My suggestion was to go *from* the process, *to* the vulnerability, with the verb "vulnerable_to"
We could just as easily use the name "has_vulnerability" - it does not matter to me. Which does the TC prefer?
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
From: Allan Thomson <athomson@lookingglasscyber.com>
To: Jason Keirstead <jason.keirstead@ca.ibm.com>, "cti-stix@lists.oasis-open.org"
<cti-stix@lists.oasis-open.org>
Date: 10/02/2018 05:45 AM
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
Jason - should the relationship not be named âhas_vulnerabilityâ rather than vulnerable to?
Example:
The telnet software version 11.2 has vulnerability CVE #1-23-5
Please confirm that your intention is to relate the software to known vulnerabilities detected for that software version.
Thanks
Allan Thomson.
CTO, lookingglass cyber solutions.
Www.lookingglasscyber.com. This electronic message transmission contains information from LookingGlass Cyber Solutions, Inc. which may be attorney-client privileged, proprietary and/or
confidential. The information in this message is intended only for use by the individual(s) to whom it is addressed. If you believe that you have received this message in error, please contact the sender, delete this message, and be aware that any review,
use, disclosure, copying or distribution of the contents contained within is strictly prohibited.
From:
cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Sent: Saturday, September 29, 2018 1:48:34 AM
To: cti-stix@lists.oasis-open.org
Subject: [cti-stix] Two Minor 2.1 STIX Proposals
I would like to submit the following two minor proposals for 2.1...
- The addition of a "software_ref" property to the "Process" cyber observable object. This would allow one to encode what piece of software a given process is for (which you can then tie to CPE and do many things with)
- A defined relationship type of "vulnerable_to" to be added from observed_data
to vulnerability. This would allow you to say that a given process, system, or software was vulnerable to a certain vulnerability.
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
|