OASIS Mailing List Archives

 



cti message



Subject: Re: [cti] Thoughts on STIX and some of the other threads on this list


Cross-posting to the broader community as most of them are not on the members OASIS CTI list, but have valuable feedback on this topic. CTI-Users, please review this thread in the email archives at OASIS.

So where does this leave us?  I still do not feel like we have a super clear path forward that we all agree on, and I would like to see us come to some sort of steady state.  

We have heard comments from the Telco space, FS-ISAC/DTCC, MITRE/DHS, vendors (IBM, bit9, BrightPoint) and the Model development space. I would like to hear more from the community, especially those that will be writing code, and I would like to hear more from those that have already commented. We need everyone's ideas and input, even if we do not always agree. The ideas and comments are valuable as they stitch together the dots that make up the context that will eventually reveal the picture.

My top level design goals are:

*) We work on a good solid UML model, trying as best as we can to address the issue Aharon has called out.  

*) We get the security practitioners to review the model to make sure it is easy to use, understand, and that it has the data they need in the places they expect.

*) We get development teams, product managers, and vendors to review the model for ease of adoption into product portfolios and do some top level implementation sanity checking. In product development terms, we want to make sure our architectural stack is solid and that we are not doing things that are going to make life really painful or difficult in the future (like our current implementation of Data Markings).

==> Where we need further discussion, I believe, is how do we go from Data Model to Data Exchange Format (that thing that most people actually care about).


I think if we can do these things, and get consensus on the last one, we will be moving in the right direction.  This can help ensure that we are designing and building both a Data Model and a Data Exchange Format that can actually be used.   The road forward will be a bit bumpy, and it is going to require a lot of thought from everyone.

I believe we have the chance of doing something great here.  I believe that we as a global community can make this work.  I believe we can fix the things that are painful and really make a difference in the Cyber Threat world.  




Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg." 

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail


