Subject: RE: [cti] Re: [EXT] Re: [cti] Common repository for STIX CTI objects
Rich,

This is a much needed capability to improve the signal/noise ratio in today's vulnerability reporting ecosystem.

One suggestion is to ensure alignment between an SBOM ontology and the "new repository" ontology so that a complete SBOM can be submitted to the repository to query for vulnerabilities.

This would be an enormous and valuable benefit. SBOMs are becoming key components in software supply chain risk assessments. You can see this focus on SBOM within recent DOE, FERC and EEI documents all published within the last 3 months.

Thanks,
Dick Brooks
Never trust software, always verify and report! – http://www.reliableenergyanalytics.com
Email: dick@reliableenergyanalytics.com
Tel: +1 978-696-1788

From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of Rich Piazza

Hi Andrew,

We are at the beginning of the process of designing the common repository – so all ideas are worth considering 😊 I made comments below about my thoughts on your "workflows" below.

Rich

From: <cti@lists.oasis-open.org> on behalf of Andrew Storms <storms@newcontext.com>

Hi Rich. I have a question of clarification. 2 potential workflows:
In the STIX 2.1 specification the following is stated concerning the contents of a bundle in section 3.3:

ID references can refer to objects to which the consumer/producer may not currently have. This specification does not address the implementation of ID reference resolution.

The general understanding is there is no requirement that a bundle have all of the objects referred to within it. With that in mind, if an object is contained in the common repository, there would be no need to "cut and paste" it into the content that a producer is creating, because any consumer could look up the identifier in the common repository – thus saving on the amount of data that needs to be transmitted. Whether or not the common objects are "cached" at the consumer's or producer's site is up to them.

If the content from the repository wasn't exactly what you wanted – you could certainly think of it as a template, but since it can only be edited by the object creator, you would need to create a new object, with a new id.
Basically, the latter. As I mentioned above, just the STIX identifier (not a URL) needs to be referenced in the content.

Hopefully my questions make sense.

--A

On Mon, Jul 6, 2020 at 7:59 AM Rich Piazza <rpiazza@mitre.org> wrote:
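The ID-reference resolution Rich describes above (a bundle need not carry every object it references; a consumer looks the identifier up in the common repository and may cache it locally), worked through as an added Python example that is not part of this thread or of any OASIS CTI project code. The repository contents, the bundle and every identifier in it are constructed stand-ins, and the resolver reports which references remain dangling so a consumer can see what the bundle alone does not give it.

```python
import re

# STIX 2.1 identifiers have the shape "<type>--<UUID>"; this checks shape only.
STIX_ID_RE = re.compile(r"^[a-z][a-z0-9-]*--[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# Constructed stand-in for the common repository (hypothetical id and content).
COMMON_REPOSITORY = {
    "vulnerability--2a7b0d4e-8f13-4c9a-9d2b-5e6f7a8b9c0d": {
        "type": "vulnerability", "name": "EXAMPLE-VULN-0001",
        "id": "vulnerability--2a7b0d4e-8f13-4c9a-9d2b-5e6f7a8b9c0d"},
}

# Constructed bundle: the producer ships only its own objects and points at the
# shared vulnerability by identifier instead of pasting a copy into the bundle.
BUNDLE = {
    "type": "bundle", "id": "bundle--0a1b2c3d-4e5f-4a6b-8c7d-9e0f1a2b3c4d",
    "objects": [
        {"type": "indicator", "id": "indicator--8e2f1c5a-3b4d-4e6f-8a9b-0c1d2e3f4a5b",
         "created_by_ref": "identity--deadbeef-0000-4000-8000-000000000001"},
        {"type": "relationship", "relationship_type": "related-to",
         "id": "relationship--1f2e3d4c-5b6a-4798-8765-4321fedcba98",
         "source_ref": "indicator--8e2f1c5a-3b4d-4e6f-8a9b-0c1d2e3f4a5b",
         "target_ref": "vulnerability--2a7b0d4e-8f13-4c9a-9d2b-5e6f7a8b9c0d"},
    ],
}

def collect_refs(obj):
    """Return every identifier an object references via *_ref / *_refs properties."""
    return ([v for k, v in obj.items() if k.endswith("_ref")]
            + [r for k, v in obj.items() if k.endswith("_refs") for r in v])

def resolve_bundle(bundle, repository, cache=None):
    """Resolve refs from the bundle, then the consumer's cache, then the repository."""
    cache = {} if cache is None else cache
    local = {o["id"]: o for o in bundle["objects"]}
    resolved, unresolved, malformed = {}, set(), set()
    for obj in bundle["objects"]:
        for ref in collect_refs(obj):
            if not STIX_ID_RE.match(ref):
                malformed.add(ref)
            elif ref in local:
                resolved[ref] = local[ref]
            elif ref in cache:
                resolved[ref] = cache[ref]
            elif ref in repository:
                cache[ref] = repository[ref]  # cached at the consumer's site
                resolved[ref] = cache[ref]
            else:
                unresolved.add(ref)
    return resolved, unresolved, malformed
```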