OASIS Cyber Threat Intelligence (CTI) TC

 View Only
  • 1.  InformationSource

    Posted 02-03-2016 16:46
    While I understand the great flexibility that can exist with using a relationship object to tie a source to a TLO, I really question if the extra complexity is worth it.   In an effort to target the 80% and to make STIX super easy to use, I am wondering if it would not be better for 2.0 to just use an optional created_by_id that points to some InformationSource Object.  In doing this I can see a lot of these InformationSource objects becoming well known . Then in some future release, if the community and tools need more flexibility, we could again look at using relationships.  But lets learn to walk before we try to run. Further, we have a tendency to flirt with the slipper slope of scope creep.  Lets focus on the minimum amount of things that actually need to be done to meet an 80% target.  We can always rev the standard and add stuff later.   Thanks, Bret Bret Jordan CISSP Director of Security Architecture and Standards Office of the CTO Blue Coat Systems PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050 Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.   Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail