OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] CybOX Datatype Refactoring/Deprecation


This is why we will open a ballot.  So we can get an official pulse from the community.  My vote will be "No" we should not include defanging in the official spec. 

Bret 

Sent from my Commodore 64

> On Mar 3, 2016, at 8:44 PM, Craig Brozefsky <cbrozefs@cisco.com> wrote:
> 
> 
> Patrick Maroney <Pmaroney@Specere.org> writes:
> 
>> So I have no strong emotion on whether we do Base64 on the objects or
>> the STIX package , but would argue for the package itself. Again, key
>> point for the assertion is it is (1) simple to implement and (2)
>> provides an effective mechanism for preventing unintentional outcomes
>> when passing "Live Ammo" on the wire.
> 
> One the wire is not the attack surface, unless you are writing a crappy
> IDS? -- it's in the parsers and in the display, storage and manipulation
> of the content. I'm quite sure this kind of prophylactic is not worth
> the little bit of electricity it would take, let alone the collective
> oxygen wasted in sighs from implementors if it became a MUST. 8^)
> 
> -- 
> Craig Brozefsky
> Lead Engineer, AMP Threat Grid and Advanced Threat Integration Team
> Cisco Security Group
> +1-773-469-8349


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]