[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-taxii] Questioning the wisdom of using DNS SRV records for TAXII 2.0 Discovery
On 31.10.2015 12:01:28, Jerome Athias wrote: > 2015-10-31 11:37 GMT+03:00 Trey Darley <trey@soltra.com>: > > On 30.10.2015 21:28:38, Jordan, Bret wrote: > >> > > It would be worth threat modeling the TAXII 2.0 architecture (once the > > spec's closer to completion) with an eye towards generating a TAXII > > 2.0 security best practices guide for implementers as an OASIS work > > product. > > > > Open Microsoft Threat Modeler 2016 > Define a new template (new function of version 2016) > Put CAPEC in it > Draw the Threat Model > > Exam duration: 1 hour ;-) > Generating a *diagram* might be done in one hour. Generating a rigorous threat model for TAXII 2.0 definitely *won't* be a one hour exercise. -- Cheers, Trey -- Trey Darley Senior Security Engineer 4DAA 0A88 34BC 27C9 FD2B A97E D3C6 5C74 0FB7 E430 Soltra | An FS-ISAC & DTCC Company www.soltra.com -- "In protocol design, perfection has been reached not when there is nothing left to add, but when there is nothing left to take away." --RFC 1925
Attachment:
signature.asc
Description: PGP signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]