[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Current status on Confidence, Intel Note, and Opinion
All,
I thought I sent this on Friday but MITRE was having some e-mail issues and I don’t see it in the archive so I’m sending it again just in case.
I’m one of the people who things a fixed scale is the way to go, and I want to explain why.
First, I see our current 0-100 scale for confidence as a necessary solution because people use so many different confidence scales. If everyone could agree on one scale, I’d think it would make more sense to just use that…that way we don’t have people using different words and having to map scales back and forth. The person from AlienVault made that point at the face to face…what we have now is not our greatest option for compatibility. But, since there’s so many existing and divergent scales here we decided to go with this 0-100 scale with a mapping. It’s not ideal for consistency of language or best compatibility, but it lets us mediate across different scales.
I don’t think we have the same issue with opinion. I’ve not heard anyone say that we need to have different vocabularies to represent degrees of agreement or disagreement. Given that, I think we can take the more ideal approach here and just standardize on the single scale. Given that we’ll define a vocabulary for the scale, tools wanting to use statistical methods on opinion and confidence still can…just come up with your own mappings into numerical scales and use that. Nobody says you can’t call “Neutral” a 50…you totally can. It doesn’t mean we need to formally define it in the standard, and have to deal with the unfortunate bucketing solution that we have for confidence (where some level of information gets lost in translation). Using a defined scale lets us achieve maximum compatibility in the exchange (no bucketing of values) while still allowing people to do all the fancy math they want.
John
On 3/31/17, 3:53 AM, "cti@lists.oasis-open.org on behalf of Alexandre Dulaunoy" <cti@lists.oasis-open.org on behalf of Alexandre.Dulaunoy@circl.lu> wrote:
On 30/03/17 20:19, Patrick Maroney wrote:
> .02:
>
> Re: Subjective Measures
>
> Since we evidently have consensus on the 0-100 scale for confidence, we should adopt this representation for all subjective measures, assertions, etc. We should be able to apply consistent methods to process these mathematically/statistically.
We are also already in-line with the various MISP taxonomies representation with the 0-100 scale.
This is pretty much what we had in mind when we faced a similar decision. Ultimately we ended up using a similar 0-100 scale as described here:
https://github.com/MISP/misp-taxonomies/blob/master/misp/machinetag.json#L40
We strongly favour this consensus too.
>
> Example:
>
> An "opinion" is an assertion by an entity. Like all subjective measures, one might want/need to assign a weight/scaling factor to an "opinion" on the basis of the receiving entities rating for this source (or sources in the aggregate).
>
> Therefore, if we adopt a common scale and numeric representation for all of these subjective types of measures and representations, we can easily calculate (e.g., sum, average, std deviation), weight, aggregate, etc.
True.
Cheers.
--
Alexandre Dulaunoy
CIRCL - Computer Incident Response Center Luxembourg
41, avenue de la gare L-1611 Luxembourg
info@circl.lu - www.circl.lu
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]