Hi!,
I would also like to add my support for an ‘Opinion Object’ as well (I think this was discussed last year as well). As Jason and Terry have highlighted, this
object provides the capability for the community to have their say on information which is being passed around or shared. This can be quite critical in sector specific areas as well as the wider community as well (for example, we could rate or have opinion
about fraud data being shared between banks).
It would be great to be able to associate “Opinions” about the STIX data that is being passed around. It also provides the ability to introduce additional
concepts at a later stage.
Regards,
Dean
From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org]
On Behalf Of Jason Hammerschmidt
Sent: Tuesday, 10 January 2017 3:06 AM
To: 'Terry MacDonald'; cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: RE: [cti-users] STIX 2.1 Propsal - Opinion Object
I believe this is a valuable addition. Like other User Generated Content (UGC), attribution is a requirement for the content to be trusted and
used, therefore, if added, attribution will be required in some manner for it to be adopted. I know many people are concerned about attribution but I for one am happy to provide it in this field, in fact I think it will be required moving forward for full
adoption, less we only rely a limited set of authoritative feeds.
From:
cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org]
On Behalf Of Terry MacDonald
Sent: December 25, 2016 3:24 AM
To: cti-stix@lists.oasis-open.org;
cti-users@lists.oasis-open.org
Subject: [cti-users] STIX 2.1 Propsal - Opinion Object
*** EXTERNAL email. Please be cautious and evaluate before you click on links, open attachments, or provide credentials. ***
Hi All,
I'd like to propose the Opinion Object for STIX 2.1.
The Opinion object is an object that allows the creator of the Opinion object to agree/disagree with any other STIX Data Object or STIX Relationship Object. It will allow an Organization to disagree with a relationship between a Threat Actor and a Campaign
for example, or agree with the contents of an Course of Action.
This is the first step towards consumers being able to crowd-source the opinion of the community, which will help newcomers to the threat intelligence sharing groups better understand which threats have a high degree of community agreement and which are contentious.
Further details in the attached PDF.
Cheers
Terry MacDonald | Chief Product Officer
This e-mail message and any files transmitted with it are intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt
from disclosure under applicable law. If you are not the intended recipient(s), any dissemination, distribution or copying of this e-mail message or any files transmitted with it is strictly prohibited. If you have received this message in error, or are
not the named recipient(s), please notify the sender immediately and delete this e-mail message.
This e-mail and any attachments to it (the "Communication") is, unless otherwise stated, confidential, may contain copyright material and is for the use only of the intended recipient. If you receive the Communication in error, please notify the sender immediately by return e-mail, delete the Communication and the return e-mail, and do not read, copy, retransmit or otherwise deal with it. Any views expressed in the Communication are those of the individual sender only, unless expressly stated to be those of Australia and New Zealand Banking Group Limited ABN 11 005 357 522, or any of its related entities including ANZ Bank New Zealand Limited (together "ANZ"). ANZ does not accept liability in connection with the integrity of or errors in the Communication, computer virus, data corruption, interference or delay arising from or in respect of the Communication.