[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] CybOX Datatype Refactoring/Deprecation
I fully agree that people will need to do this and will want to do this... I also agree that it is done today... I am just not sure why the language needs to support something special to say that it was done... I do not see how that extra information is going to change a automated processes and work flows. In paper-land, if you get handed a redacted document, you see that it is redacted, but there is no special flag on each paragraph or sentence or word to say that something was redacted or obfuscated. You can simple see that is was redacted by the fact that the content is blacked out. Also, if you send me some STIX with some content that is ##REDACTED##, how is my work flow going to change with a flag on the data versus just seeing that the content is not there? Maybe it would be best handled via a best practice of just using "##REDACTED##" Help me understand how automated work flows would operate differently with the inclusion of a flag, the way i see it, all of the items that would normally be redacted or obfuscated will be bubbled up to a human anyway. Another thought I had is I am not sure that everyone will want to call out that the intel was obfuscated or redacted... They may just want to do it, so at best case any fields indicating as such would need to be optional. Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards | Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050 "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."
|
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]