[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Thoughts on STIX and some of the other threads on this list
Soltra adopted STIX due to consumer demand (and of course the interop part of it). The format of the specification didn't even make the top 10 reasons why we adopted it. We were willing to bite the XML bullet because we knew we could make end users happy regardless of the format. In the end, I don't care what format STIX is in, I will still focus on the consumer and make it work. Without consumers there is no STIX. There will always be a vendor who is willing to work hard to fulfill consumer demand, if there is actual consumer demand. But the inverse is not true. There is not always a consumer who will purchase a product, if the vendor makes it.
My concern is this narrow focus on the vendor. This is the wrong approach. This is the same failing approach we took with SCAP. Certain vendors just don't want to create tools that interoperate so that they can roll their own APIs or create a vendor specific ecosystem. These same vendors may also say, "yes, sure, give me json so that we will adopt..." Without any real plans of adoption, just to kick the can further down the road, or to lay blame on the current state of affairs of STIX/TAXII for their lack of adoption.
I will state again, I don't care what the format is. I do think we should actually look at all relevant formats and do a quick 2-3 page white paper and state why we did not select individual specific formats. This way when this topic comes up every 3 months we can point them at the white paper and have them RTFM.
Aharon Chernin
CTO SOLTRA
| An FS-ISAC & DTCC Company
18301 Bermuda green Dr
Tampa, fl 33647
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Jordan, Bret <bret.jordan@bluecoat.com>
Sent: Friday, August 28, 2015 6:22 PM To: Mark Clancy Cc: cti@lists.oasis-open.org Subject: Re: [cti] Thoughts on STIX and some of the other threads on this list Format impacts adoption, plain and simple. Why do you think Facebook went off and did their solution in JSON? Why does Soltra do JSON on the back end? Why does Intelworks do JSON? Why are other threat intel solutions doing JSON? Why are other yet to
be released solutions similar to Soltra Edge that have not yet been announced also doing JSON?
As I have said before, all of the code that has been written and that will be written by this group, in the end, will account for probably only 5% of the total code that needs to be written. If those web developers, app developers, and open source
developers that are going to write the other 95% hate the format, and refuse to work with it, then they will not write code for it. The Python libraries only go so far. We need libraries in C, C++, Objective-C, SWIFT, PHP, Ruby, Andoriod-Java, C#, etc etc
etc..
Everyone that does not think this is an issue, please write some C code using existing STIX in XML.. Then lets talk....
Let me copy in some of my thoughts from another thread and down grade my own TLP as well.
Most vendors I talk too, ones that we would want to be on board with STIX and TAXII, always complain about XML. I did not start this effort with a bias against XML, as I too was an academic. But everything I hear, and ever vendor I talk to says
the same thing.... So we should just do it and be done with it.
The religious debate is one-sides for sure. Meaning, people will avoid using STIX because of XML. But I doubt anyone at the end of the day would care if we stopped using XML. There is no one out there that is pushing for XML and
will refuse to use STIX if it is NOT in XML.
Lets solve this problem and be done with it.
Thanks,
Bret
Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]