[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [cti] STIX Best Practice Guide
Rich, ÂÂÂÂÂÂÂÂÂÂÂÂÂÂÂ I believe that greater alignment of CTI STIX and SBOM taxonomy, semantics and data content standards would be beneficial to parties in the Energy industry that are performing software supply chain risk assessments to protect the Bulk Electric System from cyberattack. The ability to quickly and accurately identify vulnerabilities for a specific software product, as defined by itâs SBOM content, would greatly improve risk based decisions to install/not install a software object based on a trustworthiness score. Todayâs vulnerability search results contain far too many false positives resulting in a poor signal/noise ratio. These results could improve dramatically by aligning SBOM and STIX, data and content model standards. Thanks, Dick Brooks Never trust software, always verify and report! â http://www.reliableenergyanalytics.com Email: dick@reliableenergyanalytics.com Tel: +1 978-696-1788 From: cti@lists.oasis-open.org <cti@lists.oasis-open.org> On Behalf Of Rich Piazza DHS has asked MITRE to organize the writing of a best practice guide for STIX. We have some basic ideas, but were hoping for some input from the community. In many calls, emails and in Slack â members of the TC would often say something like â âthatâs a data quality issueâ, or âproducers should follow certain guidelines when creating this content (e.g., naming labels)â. Those are among the kind of things this document would capture. DHS sees this document as a possible OASIS CTI TC note, so all content would be intellectual property of OASIS and the TC. As a google document, anyone on the TC can contribute. Here is an outline MITRE put together. It is just a âstrawmanâ. The way to organize the document is open to discussion. The subsections are possible topics for best practices that we thought of. Any suggestions would be welcome 😊 Rich P. -- Rich Piazza Lead Cyber Security Engineer The MITRE Corporation 781-271-3760 |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]