The subcommittee would create work products, documentation, and best practices for using STIX, TAXII and CYBOX. As I talk with start-ups and other implementors / integrators, I hear a common theme. "How do we actually store this data and what is the best practices for doing so?". This working group, in my mind, would address those issues and report back to the TC with recommend best practices, examples, and documentation on how to build the databases to actually make use of STIX, TAXII, and CYBOX.
You could even put in scope the query functions that should exist for each language and how best to do those. It would be nice to have a working group focused on this effort. And IMHO, I think this would help get a lot of new people to STIX and TAXII up and running more quickly.
Thanks,
Bret Bret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
I need some more time to structure a more complete response right now (trying to catch flights out of Berlin) but I am really struggling to understand how can this possible be on the scope of the standard.
Could you please elaborate how the actual database format would be relevant for the standard discussion?
On Fri, Jun 19, 2015 at 4:28 PM, Jordan, Bret <bret.jordan@bluecoat.com> wrote:
And I would nominate Jerome to Co-Chair this with Eric Burger.
Thanks,
Bret
Bret Jordan CISSPDirector of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
+1 2015-06-19 6:11 GMT+03:00 Jordan, Bret < bret.jordan@bluecoat.com>: About 9 months ago or so we tossed around the idea of setting up a Subcommittee / Working group to look in to database requirements and build photo-type examples for storying STIX and or TAXII data. I would like to propose that we do that here at OASIS and I would nominate Eric Burger to Chair this committee. He is after all a professor of computer science that teaches database theory... I think we would be very lucky to have him run this group.
Thanks,
Bret
Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 62A6 5999 0F7D 0D61 4C66 D59C 2DB5 111D 63BC A303 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
<signature.asc>
This e-mail message and any files transmitted with it contain legally privileged, proprietary information, and/or confidential information, therefore, the recipient is hereby notified that any unauthorized dissemination, distribution or copying is strictly prohibited. If you have received this e-mail message inappropriately or accidentally, please notify the sender and delete it from your computer immediately.
|