[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti-taxii] RE: Vision Statement for TAXII
I’d like to attempt to summarize the various comments and discussion so far, represented as an updated proposal: TAXII is an open protocol that enables rapid and secure sharing of cyber threat information between people and systems. With a focus on simplicity
and scalability TAXII speeds the sharing of cyber threat information across tools, products, and organizations. I modified some language to my own personal liking. If my language is worse, we can revert it. Here’s the list of modifications: ·
rapid, secure, and trusted -> rapid and secure (reason: easier to remember/say) ·
cyber threat intelligence -> cyber threat information (reason: information is broader than intelligence) ·
simple and reusable concepts -> simplicity and scalability (reason: I pulled simplicity/scalability from our SC kickoff slide deck) ·
reduces the friction of sharing -> speeds sharing (reason: My preference is to frame it as a positive vs. as removing a negative) My one criticism of the current form is that both sentences end in “sharing of cyber threat information across/between <list>”. I’d also like to identify the calls for more definition around what TAXII is and is not – I’d like to offer that we discuss that as something of a scoping statement,
separate from the vision statement. Thoughts? Thank you all for participating in the discussion – I think we’re closing in on something we can all generally agree on, and all of your inputs have been valuable. Thank you. -Mark From: cti-taxii@lists.oasis-open.org [mailto:cti-taxii@lists.oasis-open.org]
On Behalf Of Wunder, John A. Just spitballing here: TAXII is an open protocol that enables rapid, secure, and trusted sharing of cyber threat intelligence between people and systems. With
a focus on simple and reusable concepts, TAXII reduces the friction of sharing cyber threat intelligence among disparate tools, organizations, and ecosystems [without prescribing specific trust agreements, governance, or sharing policies]. I’d go either way on the section in the brackets…do people often misunderstand and think that TAXII prescribes trust agreements, governance,
sharing policies, etc? If so, maybe include it. Otherwise it’s extraneous and could even sound defensive. John From:
<cti-taxii@lists.oasis-open.org> on behalf of "Richard.Struse@HQ.DHS.GOV" The original paragraphs were clearly too verbose and lacked punch. However, the proposed language seems somehow too vague and does read
like ad copy. From: Eric Burger [mailto:Eric.Burger@georgetown.edu]
Looks like it was written by a Mad Men copy writer. Does it say anything?
Sent from my mobile device. Thanks be to LEMONADE:
http://www.standardstrack.com/ietf/lemonade On Sep 14, 2015 12:06 PM, "Davidson II, Mark S" <mdavidson@mitre.org> wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]