OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

cti message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [cti] RE: Some additional thoughts on combining STIX and CybOX


I just want to throw it out there that having separate working documents does not necessarily mean we have to have separate work products. Also, having separate work products and/or working documents, does not necessarily mean we either have to (or conversely, can not) have separate subcommittees that are maintaining those working documents and/or work products.

Tl;DR - People are confusing working documents, work products, and subcommittees too much in this thread. Lets be clear on what we're talking about.

I also agree Cybox should be a separate work product, because it has lots of usefulness outside of STIX (including the potential to create a common cyber-threat correlation language).

I am not in agreement however that CTI Common should be a separate work product (as on the ballot).

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
www.ibm.com/security | www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown


Inactive hide details for Paul Patrick ---03/17/2016 01:43:42 PM---+1 on the comments both by Sean and Jeff.   Paul PatrickPaul Patrick ---03/17/2016 01:43:42 PM---+1 on the comments both by Sean and Jeff. Paul Patrick

From: Paul Patrick <ppatrick@isightpartners.com>
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 03/17/2016 01:43 PM
Subject: Re: [cti] RE: Some additional thoughts on combining STIX and CybOX
Sent by: <cti@lists.oasis-open.org>





+1 on the comments both by Sean and Jeff.  



Paul Patrick





On 3/17/16, 10:58 AM, "Mates, Jeffrey CIV DC3/DCCI" <cti@lists.oasis-open.org on behalf of Jeffrey.Mates@dc3.mil> wrote:

>I'm strongly in favor of keeping the two separate.  Having separate documents makes it easier to deal with when switching between writing tools that deal with threat actor attribution instead of crimes that merely happen to involve computers.
>
>Jeffrey Mates, Civ DC3/DCCI
>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>Computer Scientist
>Defense Cyber Crime Institute
>jeffrey.mates@dc3.mil
>410-694-4335
>
>-----Original Message-----
>From: cti@lists.oasis-open.org [
mailto:cti@lists.oasis-open.org] On Behalf Of Barnum, Sean D.
>Sent: Thursday, March 17, 2016 10:52 AM
>To: cti@lists.oasis-open.org
>Subject: [Non-DoD Source] [cti] Some additional thoughts on combining STIX and CybOX
>
>Several people have suggested that it would be more convenient to combine STIX and Cybox, characterizing it as a documentation issue where it would be easier to read a single document.
>
>Several people have explicitly stated that it is important technically that CybOX remain a separate standard to support diverse domain standards like STIX, MAEC, DFAX, etc in a focused and unbiased manner. They have also pointed out that it is a standards issue (different development groups/opinions, different conformance and different referencing) not simply a documentation issue.
>
>Sean’s opinion:
>There are a lot of technical details that have been provided by numerous members of the community why STIX and CybOX should not be combined. I will not restate those here. Rather, I would just add to those details a simple statement on our responsibilities as a standards body.
>As a TC that took on responsibility for the maintenance and ongoing development of CybOX as an independent standards effort (specifically called out as such in the TC charter) we have a responsibility to continue to respect the purpose for CybOX and the community of efforts and players (including several within the TC) that depend on it as a separate standard focused on the facts of cyber observables.
>Does the TC technically have the authority to ignore the needs of this community of players and efforts and change CybOX into whatever it feels like? Yes.
>Is that a responsible or appropriate course of action? In my opinion, definitely not.
>In my opinion, it is not an appropriate standards decision to place personal opinions of convenience in form factor over directly expressed technical needs of the community.
>
>Thank you for considering my opinions.
>
>sean





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]