oasis-charter-discuss message


Subject: Re: [oasis-charter-discuss] Re: [EXT] [oasis-charter-discuss] Notes from SARIF convener call 31 July 2017

Sorry to be a wet blanket, but I don’t think there is much if any alignment between SARIF and STIX or MAEC.

SARIF is aimed at standardizing the output of the static analysis of source code, e.g., “unused variable declared on line 192”. STIX and MAEC are data models and serializations for structured cyber threat intelligence and malware characterization, respectively. While there may be some lessons learned in terms of serialization and formatting that we could share with the SARIF community, I just don’t see any real semantic alignment between our efforts.


On 8/1/17, 9:14 AM, "Trey Darley" <trey@newcontext.com> wrote:

    On 01.08.2017 02:41:06, Bret Jordan wrote:
    > We are currently adding this functionality to the malware object in
    > STIX. I would encourage all of you to join that effort and help us.
    > I would hate to see yet another duplicative standard.

    Indeed. We've been working with DC3 on incorporating MWCP [1] into the
    STIX Malware data model. Not to suggest that MWCP addresses all of the
    static analysis metadata that the proposed SARIF TC intends to develop
    a standard for but there's clearly significant overlap between our
    respective efforts.

    [1]: https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP/blob/master/README.md

    Director of Standards Development, New Context
    gpg fingerprint: 3918 9D7E 50F5 088F 823F  018A 831A 270A 6C4F C338
    "It is more complicated than you think." --RFC 1925
