I am not looking at this as a formal interoperability exercise, and as I said in my email, this is a personal request. So yes, I would love to talk to everyone that is doing something in and around CTI, please contact me off list to discuss.
Thanks,
Bret Bret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
All, As Dave Eilken pointed out, we will be establishing a formal interoperability SC within the OASIS CTI TC next week for exactly this purpose. It is not in the interests of the CTI TC for any one individual, however well-meaning, to designate himself as either the representative of the CTI TC to the outside world as the primary conduit for this type of information. Therefore, I would ask that anyone interested in sharing their use-cases and other implementation experiences do so with the designated representatives of the TC operating under the charter of the Interoperability SC. Thank you. Rich I have a pretty good track record of honoring the implied NDAs when I talk with groups about what they are doing, helping them work through issues with STIX/TAXII, or discussing how they might use CTI in my vision of the SOC of the future. But to your request, I will be more than willing to share any information or anonymized version that I am told is public and not restricted. I will, however, always share my summaries, conclusions, and take aways as those can be anonymized to a point where no intellectual property or trade secrets will be exposed. I just really want this research to help me do a better job representing the community. Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." I hope this kind of information can be pulled to together by the InterOP SC that’s been proposed. At the end of the day, we need to consolidate all of the STIX TAXII efforts in a vetted list that will help push standards maturity in the right direction. We can quickly get some specific (albeit qualitative) maturity parameters around what are ok/ good/ great (both for STIX & TAXII) implementations defined by the community. I’m sure it would be greatly appreciated if you can pass on any info you gather to the SC once it’s formed. As I’ve said, I’ll be donating all of the STIX TAXII validation efforts Soltra has done to date. I have a personal request.... I would like to get to know who is doing what today with CTI. I would especially like to know if and what you are doing with STIX and TAXII, if you have embarked on that train. Please contact me off list to setup a time for us to chat, all information will be treaded as if under an NDA. This research will help me identify areas and way that we can improve things or keep things the same in the standards body, especially the TAXII side of the house. For example, I just had a call with Intelworks and saw their new product and talked through their needs, wants, and use cases. And as a side note, WOW, if any of you are consumers and users of the CTI data itself, you really need to look at their solution. For those that reach out to me, and agree to it, I might include you in an OpEd I am wanting to write about the state of CTI and where things are going, and where things really could go to improve the state of cyber security. Director of Security Architecture and Standards | Office of the CTO PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|