cti message
Subject: Re: [cti] Re: [EXT] Re: [cti] Summary from Working Call
- From: "Jason Keirstead" <Jason.Keirstead@ca.ibm.com>
- To: "Piazza, Rich" <rpiazza@mitre.org>
- Date: Wed, 6 Feb 2019 11:41:58 -0400
Well said Rich. +1.
-
Jason Keirstead
Lead Architect - IBM Security Connect
www.ibm.com/security
"Things may come to those who wait, but only the things left by those
who hustle." - Unknown
From: "Piazza, Rich" <rpiazza@mitre.org>
To: Allan Thomson <athomson@lookingglasscyber.com>, Bret Jordan <Bret_Jordan@symantec.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Date: 02/06/2019 10:55 AM
Subject: [cti] Re: [EXT] Re: [cti] Summary from Working Call
Sent by: <cti@lists.oasis-open.org>
FWIW, I have to agree with Allan's concerns.
I am in favor of option 2, because people seem to need it, and it
seems sort of harmless. But I think trying to make TAXII a "swiss
army knife" is not wise.
If you remember, I "led" the push to
release STIX 2.1 last spring, as it "was". Some might argue that
the discussions and changes we have made since then have shown that this
was a bad idea. I don't know if I agree, but that is water under
the bridge.
But here we are, 10 months later and getting
something released is even more imperative. For instance, would it
have been so terrible if the changes to cyber observables took place in STIX
2.2, which if we had already released 2.1 would be the version that we
were about to release now? No one in the community should be expecting
each release to be perfect and complete.
If I remember correctly, we started on
STIX/TAXII 2.1 during the Obama administration!
Going forward, I think we need to be more
"agile" in our work. I know developing standards isn't the same
as developing software, and having a new version too often has its downsides.
There will always be another SDO we want to eventually be in the
standard. There is always going to be a new feature that we want
a TAXII server to have. But adding feature after feature means that
the release date is always 6 months in the future. And we don't
want the standards to be bloated. Remember, STIX and TAXII are for
sharing data - not processing it.
The market will develop and indicate the
new features that should be included in future releases, as Allan said.
I know many will violently disagree with this
- but I think I speak for many in the committee.
Cheers!
Rich P.
From: <cti@lists.oasis-open.org>
on behalf of Allan Thomson <athomson@lookingglasscyber.com>
Date: Tuesday, February 5, 2019 at 5:36 PM
To: Bret Jordan <Bret_Jordan@symantec.com>, "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org>
Subject: [EXT] Re: [cti] Summary from Working Call
Bret - I wasn't able to attend the call
but an input I have would be that this new capability (whatever option
you prefer) should be optional and not required.
This might help remove some objections
to having to implement Option 1) vs 2) temporarily.
It also helps remove one of my primary
objections which is that we should avoid treating TAXII as a database or
interface to a database. That is a slippery slope to duplicating a lot
of functionality that databases/indexing and other query engines were designed/excel
at.
So I'm supportive of organizations that
want to implement this in a TAXII server but it should not be mandatory
for *all* TAXII servers to do so.
Let the market decide what TAXII server
capabilities matter and are relevant to buying decisions.
Allan
From: "cti@lists.oasis-open.org"
<cti@lists.oasis-open.org> on behalf of Bret Jordan <Bret_Jordan@symantec.com>
Date: Tuesday, February 5, 2019 at 1:10 PM
To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
Subject: [cti] Summary from Working Call
All,
On today's working call we talked about
TAXII query, search, and pivoting. We had 17 participants on the
call today. The consensus on the call was to move forward with adding
a simple RESTful endpoint (option 2) to allow pivoting on relationships.
We will also look at a more fully fleshed out query/search solution in
a future version of TAXII. Six people on the call voiced support
for this option (Rich, Trey, Jeff, John-Mark, Sean, Ryan), and no one objected
to moving forward with this direction.
It is also important to note that Marlon
/ DHS might have a proposal for how we could address some of the other
query use cases using a similar approach to what we are proposing (option
2) for relationships. Once that proposal is submitted to the TC, the TC
can review it and determine if and when it should be adopted.
Thanks everyone for attending the call
today. We made a lot of progress. Drew and I will start implementing
this into TAXII 2.1 Working Draft 07.
Thanks
Bret