
cti-users message



Subject: Re: [cti-users] Vote NO on JSON - Vote YES on JSON-LD and here is why...


Thanks Joep,

I understand JSON-LD is slightly more complex which is why the JSON-LD advocates have been working over the past month or two to simplify the format as much as possible while still enabling context to be encoded and unique IDs to be used. The plan was we would be allowed to present this to the community BEFORE any formal vote on the MTI format. Since this has now been bypassed and we are not being allowed to present our case we are just trying to make sure the CISOs and human CTI analysts across DHS, DoD, and our 2P community are aware of the pending vote.

Cheers,
Shawn

On Nov 23, 2015 7:39 AM, "Joep Gommers" <joep@eclecticiq.com> wrote:
Hi Shawn, (Trey),

Thank you for this and earlier contributions on representing the analyst (human user’s) perspective. I think it is extremely valuable. As Aharon I’d be happy to support you in getting your readership and constituencies engaged more in the community – I’m with you that we often miss the analyst and user perspective.

I do want to add some nuance to what Trey is saying with regards to representation of CISO/CTI Analysts on the list. We, in whole, represent their interests. It is logical end-users don’t have the time and resources to be as involved as the vendors that will help the whole lot of them with their use-cases. We should be keeping their requirements in mind and vote on their behalf.

That said, the analyst/user in our (EclecticIQ) view isn’t really a user of STIX but rather systems using STIX to transport threat related information and using STIX to be inspired to model the domain of threat information – as to ensure alignment between systems that communicate with humans. The need to interpret STIX and “connect the dots” - irrespective of what STIX or its serialization format offer in terms of connectedness/relationships – is still an important part of any system supporting the analysts. I don’t believe that in the distributed way STIX is used that that requirement will ever go away. Additionally data mining and interpretations will continue to be required to connect-the-dots.

Vendors need to ensure they can serve the analysts’ use-cases and I think the road between analyst use-cases and serialization format is HUGE and there are many ways of meeting requirements. JSON-LD might be one of the technical implementations in which these use-cases could be met and might complicate others. JSON-LD does add significant complexity in certain areas. Equally, it might help decrease it in others. I can’t oversee this Architecturally right this instant. I do feel consensus is far enough (which we’ll see if that is the case in the vote) to not re-open that debate. Hence my support of JSON right now.

For context; we spend significant resources to move into JSON and can certainly say that moving further into something like JSON-LD would be a serious investment for implementors. So regardless so be considered carefully for STIX 3.0 and beyond.

All the best,
Joep





From: <cti-users@lists.oasis-open.org> on behalf of Shawn Riley <shawn.p.riley@gmail.com>
Date: Monday, November 23, 2015 at 11:29 AM
To: Trey Darley <trey@soltra.com>
Cc: "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
Subject: Re: [cti-users] Vote NO on JSON - Vote YES on JSON-LD and here is why...

Since I have a few hundred CISOs and even more CTI analysts directly connected on LinkedIn they are being sent information directly to make them aware of this vote and the additional risk posed by moving to JSON. They deserve to be educated and notified.

It was the same list of developers who also agreed to listen to a JSON-LD presentation with real-world examples but have decided to push ahead and force the vote for JSON without giving the JSON-LD advocates the opportunity to present their case. 

Thanks,
Shawn

On Mon, Nov 23, 2015 at 6:23 AM, Trey Darley <trey@soltra.com> wrote:
On 23.11.2015 06:16:18, Shawn Riley wrote:
> I have not seen a single CISO or CTI Analyst endorsement. I do see
> the list of developers, engineers, etc. endorsements you provided.
> Thanks! I stand by my post.
>

Shawn -

OASIS is a democratic standards body. Decision-making is driven by the
consensus that emerges from OASIS members with voting rights. The
cti-users list is for random interested parties. The cti list is for
OASIS members with voting rights. If a CISO or CTI Analyst out there
cares deeply, it is incumbent upon them to join OASIS as a voting
member and make their voice heard as part of the democratic process.

--
Cheers,
Trey
--
Trey Darley
Senior Security Engineer
4DAA 0A88 34BC 27C9 FD2B  A97E D3C6 5C74 0FB7 E430
Soltra | An FS-ISAC & DTCC Company
www.soltra.com
--
"There are only two hard things in Computer Science: cache
invalidation and naming things." --Phil Karlton


