Subject: Re: [cti] Re: [EXT] Re: [cti] STIX 2.1 CSD02 Sponsorship?
Hi Ivan – Given the nature of deterministic IDs and the point that 2 vendors (if complying to the spec) should be able to produce the same SCO with the same deterministic ID and then see things merge correctly when their intel is shared into a TIP or similar system that would see both intel providers, then I think we should have interop rules and tests to verify that.

Similarly, if a vendor chooses to create SCO with their own ID creation algorithm then we need to make sure that this intel would co-exist in an ecosystem where we have both deterministic ID creation of SCO with compliant algorithm vs vendor-specific algorithm and then all of those SCO are referenced by the same campaigns/attack patterns... etc.

So I think interop rules need to be created for all these use cases. I can also think of more that will have a very tangible impact on anyone trying to use SCO from single or multi-vendors.

From: "Kirillov, Ivan" <ikirillov@mitre.org>

Hi Allan,

What I'm trying to get at is whether the sponsored item requires interop text (including profile, examples, etc.) and working code or just working code. Some items, like deterministic IDs, seem like they'll only require code while others will require both interop + code. Discussing at the next working call sounds good to me.

Thanks,
Ivan

From: <cti@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>

Hi Ivan – not exactly sure what you mean by "type" of sponsorship.

Or do you mean more examples that we want for SCO sponsorship verification? Maybe we can add this discussion topic to the next weekly meeting.

Allan Thomson
CTO (+1-408-331-6646)

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Kirillov, Ivan" <ikirillov@mitre.org>

That makes sense to me, Allan. Any other thoughts as to the "type" of sponsorship for the below items?

Thanks,
Ivan

From: <cti@lists.oasis-open.org> on behalf of Allan Thomson <athomson@lookingglasscyber.com>

Ivan – I would suggest that the user of SCO as top-level objects just needs to be conceptually verified. A couple of real-world examples might suffice.

Those 2 examples might be good enough.

Allan Thomson
CTO (+1-408-331-6646)

From: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org> on behalf of "Kirillov, Ivan" <ikirillov@mitre.org>

All,

Now that STIX 2.1 CSD02 is out the door, we can begin the sponsorship process. However, one of the questions that we (MITRE/DHS) have is with regards to the "type" of sponsorship expected for each item – "full" (code + interop text) or just working code. If you recall from the last sponsorship period, certain things like confidence only required working code while others such as the Opinion & Note objects required interop text as well.

Here's the list of items for sponsorship, along with my own thoughts as to the type of sponsorship:

Also, I would suggest that we don't formally start the sponsorship period until we get this question resolved, so that sponsors have a better understanding of what is expected.

-Ivan