OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-taxii message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-taxii] RE: Vision Statement for TAXII

If we're pursuing the TAXII 2.x Vision Statement here I would argue for a broader scope for TAXII beyond CTI.  The OMG Threat Risk Initiative is defining models for Threat/Risk that transcend Domains (Cyber, Political, Natural Disaster, Terrorist, etc.).  I see no reason to constrain TAXII to just the Cyber Domain.  For example, I believe we could fairly easily embed NIEM XML Packages focusing on other domains in STIX packages today to support an "All Hazards" Inter-Exchange of blended Threat Intelligence.  Why limit our vision/capabilities when looking to the future of TAXII?


Patrick Maroney

From: <cti-taxii@lists.oasis-open.org> on behalf of "Davidson II, Mark S"
Date: Tuesday, September 15, 2015 at 12:57 PM
To: "Wunder, John A.", "'cti-taxii@lists.oasis-open.org'"
Subject: RE: [cti-taxii] RE: Vision Statement for TAXII

I’d like to attempt to summarize the various comments and discussion so far, represented as an updated proposal:

 

TAXII is an open protocol that enables rapid and secure sharing of cyber threat information between people and systems. With a focus on simplicity and scalability TAXII speeds the sharing of cyber threat information across tools, products, and organizations.

 

I modified some language to my own personal liking. If my language is worse, we can revert it. Here’s the list of modifications:

 

·         rapid, secure, and trusted -> rapid and secure (reason: easier to remember/say)

·         cyber threat intelligence -> cyber threat information (reason:  information is broader than intelligence)

·         simple and reusable concepts -> simplicity and scalability (reason: I pulled simplicity/scalability from our SC kickoff slide deck)

·         reduces the friction of sharing -> speeds sharing (reason: My preference is to frame it as a positive vs. as removing a negative)

 

My one criticism of the current form is that both sentences end in “sharing of cyber threat information across/between <list>”.

 

I’d also like to identify the calls for more definition around what TAXII is and is not – I’d like to offer that we discuss that as something of a scoping statement, separate from the vision statement. Thoughts?

 

Thank you all for participating in the discussion – I think we’re closing in on something we can all generally agree on, and all of your inputs have been valuable.

 

Thank you.

-Mark

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]