Re: [cti] Next weeks working call

["Kirillov, Ivan A." <ikirillov@mitre.org>]

I think this has come up before, but we’ve never discussed it at length.

I concur that this would be useful to have, as there are almost always likely to be more Objects that the community needs than exist in a given CybOX release. There are some open questions around how this should be handled – specifically regarding what would constitute a “provisional” Object (a data model/data dictionary? a serialization?), and where such Objects would live (would they be draft OASIS work products? or can they be defined and stored elsewhere?). I think if we can nail down these questions and formulate the process for submitting/defining provisional Objects, I don’t see any reason why we couldn’t support them.

Regards,

Ivan

From:  Jason Keirstead <Jason.Keirstead@ca.ibm.com>
Date: Friday, January 29, 2016 at 2:02 PM
To: Ivan Kirillov <ikirillov@mitre.org>
Cc: Sean Barnum <sbarnum@mitre.org>, Bret Jordan <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Next weeks working call

Has the idea been floated for something akin to "provisional" objects?

It would be nice to be able to reference objects that have been discussed by stakeholders but not been formally ratified in the community. A lot of these objects that are not important enough to hold up Cybox 3.0, we may have some form of provisional proposal that people could make use of.

I am thinking similar to how web standards work. Frequently (in fact, almost always), web browser vendors reference and implement provisional specifications, for months and sometimes for years before they are ratified. Once they are ratified, they make the needed changes in their basal implementations to use the officially blessed behaviours.

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


"Kirillov, Ivan A." ---01/29/2016 04:47:06 PM---Yup – as Sean mentioned, we’d like to talk about the Object selection approach for CybOX 3.0. For th

From: "Kirillov, Ivan A." <ikirillov@mitre.org>
To: "Barnum, Sean D." <sbarnum@mitre.org>, "Jordan, Bret" <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 01/29/2016 04:47 PM
Subject: Re: [cti] Next weeks working call
Sent by: <cti@lists.oasis-open.org>

---

Yup – as Sean mentioned, we’d like to talk about the Object selection approach for CybOX 3.0.

For those interested in some prior reading, here’s a wiki page that documents our current thinking: https://github.com/CybOXProject/schemas/wiki/CybOX-3.0:-Object-Selection

Regards,
Ivan

From: <cti@lists.oasis-open.org> on behalf of Sean Barnum <sbarnum@mitre.org>
Date: Friday, January 29, 2016 at 1:44 PM
To: Bret Jordan <bret.jordan@bluecoat.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: Re: [cti] Next weeks working call

I think we already have topics lined up.
I’m pretty sure that CybOX wanted some time to talk about Object selection. Ivan said they would need at least 30 mins.
STIX is hoping to use the rest of the time to talk about Source reference approach which is in the set of Indicator tranche plan topics for next week.
Versioning is not slated until the week of 2/15.

sean

From: <cti@lists.oasis-open.org> on behalf of "Jordan, Bret" <bret.jordan@bluecoat.com>
Date: Friday, January 29, 2016 at 2:54 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Next weeks working call

Here are some possible topics for next week's working call:

1) Do we really need the indicator type field. Jason / John Wunder to discuss

2) How to do versioning.




Thanks,

Bret



Bret Jordan CISSP
Director of Security Architecture and Standards | Office of the CTO
Blue Coat Systems
PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."