[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti] Re: [EXT] Re: [cti] type changing from "object" to "array"for cyber observable objects
STIX2.0 is a significant step in the right direction over STIX1.x. Is it perfect? No.
Is it usable for some key use cases and exchange of threat intelligence, now? Absolutely yes.
Today a large part of intelligence sharing using STIX1.x (unfortunately) has focused on indicator sharing and if we had the majority of the industry adopt STIX2.0 and TAXII2.0 solely on doing that problem better we would have made a good step forward.
I suggest we keeping working hard on making sure STIX/TAXII2.0 is adopted by organizations and get real products exchanging the content we already have defined in STIX2 in an interoperable manner.
Improvements coming in STIX2.1+ only help this but we should not block or hold up the good progress we have in STIX2.0 and Interoperability over STIX1.x.
Looking forward to catching up at the F2F.
regards
allan
From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> on behalf of Struse, Richard J. <rjs@mitre.org>
Sent: Thursday, October 5, 2017 9:51 AM To: Sarah Kelley; Wunder, John A.; Trey Darley; Bret Jordan Cc: cti@lists.oasis-open.org Subject: RE: [cti] Re: [EXT] Re: [cti] type changing from "object" to "array"for cyber observable objects +1
We need to focus on delivering so that people can implement what we've defined and we can learn from real-world experience.
Sent with BlackBerry Work (www.blackberry.com) From: Sarah Kelley <Sarah.Kelley@cisecurity.org>
Date: Thursday, Oct 05, 2017, 1:51 AM
To: Wunder, John A. <jwunder@mitre.org>, Trey Darley <trey@newcontext.com>,
Bret Jordan <Bret_Jordan@symantec.com>
Cc: cti@lists.oasis-open.org <cti@lists.oasis-open.org>
Subject: Re: [cti] Re: [EXT] Re: [cti] type changing from "object" to "array"for cyber observable objects
I agree with John and Trey. The STIX 2.0 spec is done and people are already working on building tools for it. It would extremely counterproductive to make backwards breaking changes, especially of this magnitude, at this point. We need to give people the chance to work with what we’ve done and see how well it flies.
Sarah Kelley Senior Cyber Threat Analyst Multi-State Information Sharing and Analysis Center (MS-ISAC) 31 Tech Valley Drive East Greenbush, NY 12061
518-266-3493 24x7 Security Operations Center SOC@cisecurity.org - 1-866-787-4722
From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Wunder, John A." <jwunder@mitre.org>
. . . . . |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]