Hi Allan - yes I confirm that is my intention. My suggestion was to go *from* the process, *to* the vulnerability, with the verb "vulnerable_to".
We could just as easily use the name "has_vulnerability" - it does not matter to me. Which does the TC prefer?
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
From: Allan Thomson <athomson@lookingglasscyber.com>
To: Jason Keirstead <jason.keirstead@ca.ibm.com>, "cti-stix@lists.oasis-open.org" <cti-stix@lists.oasis-open.org>
Date: 10/02/2018 05:45 AM
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
Jason - should the relationship not be named ‘has_vulnerability’ rather than vulnerable to?
Example:
The telnet software version 11.2 has vulnerability CVE #1-23-5
Please confirm that your intention is to relate the software to known vulnerabilities detected for that software version.
Thanks
Allan Thomson.
CTO, lookingglass cyber solutions.
www.lookingglasscyber.com
From: cti-stix@lists.oasis-open.org <cti-stix@lists.oasis-open.org> on behalf of Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Sent: Saturday, September 29, 2018 1:48:34 AM
To: cti-stix@lists.oasis-open.org
Subject: [cti-stix] Two Minor 2.1 STIX Proposals
I would like to submit the following two minor proposals for 2.1...
- The addition of a "software_ref" property to the "Process" cyber observable object. This would allow one to encode what piece of software a given process is for (which you can then tie to CPE and do many things with)
- A defined relationship type of "vulnerable_to" to be added from observed_data to vulnerability. This would allow you to say that a given process, system, or software was vulnerable to a certain vulnerability.
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
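The two proposals in the original message, sketched as an added example that is not part of the thread or of any STIX specification: a Process observable carries the proposed `software_ref`, and a relationship of the proposed type links the observed-data object to a vulnerability. It assumes observables embedded in `observed-data` under string keys; all ids, the pid and the timestamps are constructed, and the function name `vulnerable_software` is hypothetical.

```python
# Constructed sample objects; ids, pid and timestamps are made up.
# "software_ref" and "vulnerable_to" are the thread's proposals, not
# confirmed spec properties. Common properties such as created/modified
# are left out to keep the sample short.
OBSERVED = {
    "type": "observed-data",
    "id": "observed-data--11111111-1111-4111-8111-111111111111",
    "first_observed": "2018-09-29T01:48:34Z",
    "last_observed": "2018-09-29T01:48:34Z",
    "number_observed": 1,
    "objects": {
        "0": {"type": "process", "pid": 4242, "software_ref": "1"},
        "1": {"type": "software", "name": "telnet", "version": "11.2"},
    },
}
VULN = {
    "type": "vulnerability",
    "id": "vulnerability--22222222-2222-4222-8222-222222222222",
    "name": "CVE #1-23-5",  # illustrative label used in the thread
}
REL = {
    "type": "relationship",
    "id": "relationship--33333333-3333-4333-8333-333333333333",
    "relationship_type": "vulnerable_to",
    "source_ref": OBSERVED["id"],
    "target_ref": VULN["id"],
}
BUNDLE = [OBSERVED, VULN, REL]


def vulnerable_software(objects, rel_types=("vulnerable_to", "has_vulnerability")):
    """Return (pid, software name, version, vulnerability name) tuples."""
    by_id = {o["id"]: o for o in objects}
    findings = []
    for rel in objects:
        if rel.get("type") != "relationship" or rel.get("relationship_type") not in rel_types:
            continue
        src, dst = by_id.get(rel["source_ref"]), by_id.get(rel["target_ref"])
        if not src or not dst or src["type"] != "observed-data" or dst["type"] != "vulnerability":
            continue  # dangling or wrongly typed reference: skip, do not guess
        observables = src["objects"]
        for obs in observables.values():
            # Follow the proposed process -> software pointer inside the container.
            sw = observables.get(obs.get("software_ref", ""))
            if obs["type"] == "process" and sw and sw["type"] == "software":
                findings.append((obs.get("pid"), sw["name"], sw.get("version"), dst["name"]))
    return findings
```

Both candidate names from the thread are accepted by default, so the lookup works whichever verb is chosen.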