Use of Operating System reference is not consistent

[Bret Jordan <bret.jordan@broadcom.com>]

All,

An issue was openedÂthat rightfully pointed out that we are not consistent in our use of referencing operating systems between the Malware and Malware-Analysis objects. We would like to fix this since both of these were added for this release. What we are thinking is making both of them point to a SCO software object and adding the SWID/COSWIDÂproperty to the software object. Further, we would make the property names consistent. This will make the consistent across these two objects. ÂPlease let us know if you have any concerns with making this change.Â

Need to make representation of operating system consistent across objects #220

https://github.com/oasis-tcs/cti-stix2/issues/220

From Malware:

os_execution_envs (optional)

list of type string

The operating systems that the malware family or malware instance is executable on. Each string value for this property SHOULD be a CPE v2.3 entry from the official NVD CPE Dictionary [NVD] . This property MAY include custom values including values taken from other standards such as SWID [SWID].

From Malware Analysis:

operating_system_ref (optional)

identifier

The operating system used for the dynamic analysis of the malware instance or family. This applies to virtualized operating systems as well as those running on bare metal. The value of this property MUST be the identifier for a SCO software object.

Thanks,

Bret

PGP Fingerprint:Â63B4 FC53 680A 6B7D 1447 ÂF2C0 74F8 ACAE 7415 0050

"Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."