OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [cti-users] STIX 2.1 Propsal - Opinion Object

Hello All

If you allow me, here are my two cents on this:
In my opinion we should not confuse things. 
Attribution is the capability of assign and provide evidences linking someone/something with an action/attack step that has or is happening and is thightly connected with one of the attributes of information security that is not commonly managed, non-repudiation.

I do agreed with the existence of an object property that allow "to grade" the commonly agreed level of relationship between other SDO´s by accumulating "thustworthy points", and due to that to carry a property, call it for eg "thrust level"/"opinion level"
This points could be given by the community who could also have the capability of downgrade the "thustworthy points" by subtracting or attributing negative points.
Obviously there should be put in place mecanisms for protecting the misuse or corruption of such an attribute. 

Hope it helped

Be happy and have a super 2017

TM



Tolentino Martins

2017-01-09 16:06 GMT+00:00 Jason Hammerschmidt <Jason.Hammerschmidt@ieso.ca>:

I believe this is a valuable addition.  Like other User Generated Content (UGC), attribution is a requirement for the content to be trusted and used, therefore, if added, attribution will be required in some manner for it to be adopted.  I know many people are concerned about attribution but I for one am happy to provide it in this field, in fact I think it will be required moving forward for full adoption, less we only rely a limited set of authoritative feeds.   

 

From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org] On Behalf Of Terry MacDonald
Sent: December 25, 2016 3:24 AM
To: cti-stix@lists.oasis-open.org; cti-users@lists.oasis-open.org
Subject: [cti-users] STIX 2.1 Propsal - Opinion Object

 

*** EXTERNAL email. Please be cautious and evaluate before you click on links, open attachments, or provide credentials. ***

Hi All,

I'd like to propose the Opinion Object for STIX 2.1.

The Opinion object is an object that allows the creator of the Opinion object to agree/disagree with any other STIX Data Object or STIX Relationship Object. It will allow an Organization to disagree with a relationship between a Threat Actor and a Campaign for example, or agree with the contents of an Course of Action.

This is the first step towards consumers being able to crowd-source the opinion of the community, which will help newcomers to the threat intelligence sharing groups better understand which threats have a high degree of community agreement and which are contentious.

 

Further details in the attached PDF.

 

Cheers

 

Terry MacDonald | Chief Product Officer

 

 

 

 

 

This e-mail message and any files transmitted with it are intended only for the named recipient(s) above and may contain information that is privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient(s), any dissemination, distribution or copying of this e-mail message or any files transmitted with it is strictly prohibited.  If you have received this message in error, or are not the named recipient(s), please notify the sender immediately and delete this e-mail message.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]