OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [cti] CybOX Datatype Refactoring/Deprecation

We need to word the question a bit or maybe a few.

 

‘Support’ is not exact enough.

 

Do we have CTI observables stored in orginal non-defanged form? Is this required or optional to be complaint at MVP?

 

Do we have CTI observables stored in orginal defanged form?  Is this optional or required? Is this needed for MVP?

 

Is transformation to\from defanged require for MVP. Is a transformed observable a new observable or a revision of the orginal?

 

 

Mark

 

 

 

Sent from my Windows 10 phone

 

From: Jordan, Bret
Sent: Thursday, March 3, 2016 11:47 PM
To: Craig Brozefsky
Cc: Patrick Maroney; Foley, Alexander - GIS; Crawford, David; cti@lists.oasis-open.org
Subject: Re: [cti] CybOX Datatype Refactoring/Deprecation

 

This is why we will open a ballot.  So we can get an official pulse from the community.  My vote will be "No" we should not include defanging in the official spec.

Bret

Sent from my Commodore 64

> On Mar 3, 2016, at 8:44 PM, Craig Brozefsky <cbrozefs@cisco.com> wrote:
>
>
> Patrick Maroney <Pmaroney@Specere.org> writes:
>
>> So I have no strong emotion on whether we do Base64 on the objects or
>> the STIX package , but would argue for the package itself. Again, key
>> point for the assertion is it is (1) simple to implement and (2)
>> provides an effective mechanism for preventing unintentional outcomes
>> when passing "Live Ammo" on the wire.
>
> One the wire is not the attack surface, unless you are writing a crappy
> IDS? -- it's in the parsers and in the display, storage and manipulation
> of the content. I'm quite sure this kind of prophylactic is not worth
> the little bit of electricity it would take, let alone the collective
> oxygen wasted in sighs from implementors if it became a MUST. 8^)
>
> --
> Craig Brozefsky
> Lead Engineer, AMP Threat Grid and Advanced Threat Integration Team
> Cisco Security Group
> +1-773-469-8349

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]