Subject: Re: [cti-users] Research Paper on Information Sharing of Cyber Security Threats and Defense Strategies


If useful, regarding (3) a. Trust:
http://www.internetsociety.org/doc/policy-framework-open-and-trusted-internet

2016-07-12 17:19 GMT+03:00 Patrick Maroney <Pmaroney@specere.org>:

Jacob,

Thanks for the outreach and interest. A couple of recommendations and comments:

(1) We have a registry of over 60 Commercial Products/Services and Open Source Projects supporting the current OASIS CTI TC STIX, CybOX, and TAXII Specifications. The links to Registration and the latest versions of the registry can be found on the OASIS CTI TC Interoperability SC Wiki Page:

https://wiki.oasis-open.org/cti/cti-interoperability

(2) There is an initiative underway using “data mining” via the GitHub API to automagically collect metadata on related Open Source Projects. In the interim there are a couple of dozen Open Source projects that can be found by searching GitHub using the keywords “STIX”, “CybOX”, and “TAXII”.

(3) To the root point of your line of inquiry: In my experience, there are three key elements to establishing increased Inter-exchange of sensitive and actionable CTI:

a. Trust – “Human to Human” interaction (e.g., as facilitated through ISACs, ISAOs, Conferences, other formal/ad hoc information sharing groups) is ultimately required to build solid trust relationships.

b. Confidence – in the mechanisms for conveyance, common understanding, and enforcement of data marking and handling instructions.

c. Ease of Use – Simply put, we as the CTI Inter-Exchange and Operationalization architects and technologists need to provide the abstraction layers that mask complexity while providing reliable and predictable behavior.

You’ll have to do a little “digging”, but substantive discourse from different stakeholder perspectives on key aspects can be found if you search the archives of this community (both here on OASIS and in the legacy MITRE-hosted STIX/CybOX/TAXII Nabble Archives: http://making-security-measurable.1364806.n2.nabble.com).

If you are a member of the IDXWG, there is also valuable discourse in general and specifically in relation to a number of Threads on TLP (ultimately becoming part of the FIRST IEP-SIG initiatives). Note: “Anyone can participate in the IEP-SIG, including organizations who are not members of FIRST. If you would like to join the IEP-SIG then please email the FIRST Secretariat first-sec@first.org.”

Patrick Maroney
Office: (856)983-0001
Cell: (609)841-5104

President
Integrated Networking Technologies, Inc.
PO Box 569
Marlton, NJ 08053

From: <cti-users@lists.oasis-open.org> on behalf of "Hinkle, Jacob (LNG-SBO)" <jacob.hinkle@lexisnexis.com>
Date: Monday, July 11, 2016 at 10:08 AM
To: "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
Subject: [cti-users] Research Paper on Information Sharing of Cyber Security Threats and Defense Strategies

Ladies and Gentlemen,

I am writing a research paper on the technologies involved with Information Sharing in the Cyber Security industry as well as some of the challenges faced by White Hat Cyber Security folks in keeping up on threat intel. Some of my key programs and organizations of interest are Infragard, Taxii, Stix, various vendor "threat intel" feeds, PasteBin (yes, pastebin for threat intel, mostly as a target for scrapers looking for loosed credentials or exploit code) and IBM Xforce, to name a few.

My "ask" from you all is some direction for any services/organizations I may be overlooking, as well as any insight you may have into making the sharing of cyber security related intel a more open and prevalent thing. Part of my paper will be examining corporate reluctance to share threat intelligence, especially when related to exploits and attacks against their own networks, and what impact this has on our ability to effectively adapt and defend against new threats.

My initial stance is that while the black hats openly share exploits and attack vectors with each other, white hats, or specifically the corporations they work for, do not share the information of how to defend against threats or share information about how the attackers managed to hack them. I will speak at length about the laws proposed and also those which have been passed which ostensibly are meant to facilitate this sharing between the government and corporate America, so I would also appreciate your thoughts on these if you have the time/feel like sharing.

I am not relying on the kindness of strangers to get my paper written, but your input as a community that is dedicated to these issues would be very valuable.

Thank you for your time and consideration.

Jacob Hinkle, CISSP

This publicly archived list provides a forum for asking questions, offering answers, and discussing topics of interest on STIX, TAXII, and CybOX. Users and developers of solutions that leverage STIX, TAXII and CybOX are invited to participate.

In order to verify user consent to OASIS mailing list guidelines and to minimize spam in the list archive, subscription is required before posting.