OASIS Cyber Threat Intelligence (CTI) TC

  • 1.  Feature voting and tracking system

    Posted 10-22-2015 01:02
    We really need a way to track features, concepts, ideas and have the ability to vote up / down the ideas.  A solution like this really needs the following key features:

    1. Ability to document a concept, idea, or features, similar to what we do today in the issue tracker in GitHub
    2. Ability for people to vote up or down the main item
    3. Ability to star the item as a second form of tracking to possibly indicate preference
    4. The ability to comment on the top level element just like you can in GitHub
    5. Ability to comment on comments.
    6. Ability to vote up / down a comment
    7. Ability to mark a comment as the current train of thought or current consensus of the thread.  This will help people come up to speed more quickly on issues.

    In the past I have suggested something like StackOverflow.  Yes, this is usually used for a QnA type system, and that is what it is geared towards.  However, I feel that a lot of the elements that it has could be very useful for us to use.

    Here is an example of a QnA question that shows most of the elements or requirements that I have illustrated above.  See how multiple can comment on the item and multiple comments can get votes, and how it tracks edits to comments.

    http://stackoverflow.com/questions/21029174/whats-this-operator

    A solution like this would be a replacement for the GitHub Issue tracker.  Meaning, we would not store issues in GitHub anymore.  Further, I could see a lot of the discussion around topics moving out of email and in to a system like StackOverflow.

    Thanks,

    Bret

    Bret Jordan CISSP
    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
    Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg.


  • 2.  October CTI TC Meeting

    Posted 10-22-2015 13:49
    Dear CTI TC,

    As a reminder, our monthly meeting will occur at 10AM ET today.  As a reminder, the WebConf Meeting Management Chat Room will also be open, please be sure to log on to both the chat and the call.

    http://webconf.soaphub.org/conf/room/OASIS-CTI

    Here is the bridgeline information:

    Join online meeting
    https://meet.mitre.org/ikirillov/Z2WPVMSK

    Join by Phone
    +1 (781) 271-2020
    +1 (703) 983-2020

    Conference ID: 73137784

    Thanks,

    Alex


  • 3.  October CTI TC Meeting Minutes

    Posted 10-22-2015 15:10
    Thank you to everyone who joined today.  I have attached the meeting minutes and attendance, and will work with Rich to trigger our electronic votes on STIX / TAXII OASIS draft specification approval.

    Also FYI, the STIX and TAXII decks discussed today have been posted to the OASIS Portal.
    https://www.oasis-open.org/apps/org/workgroup/cti/documents.php

    Alex Foley
    OASIS CTI TC Secretary

    Attachment: OASIS CTI TC Meeting - Attendance - October 21 2015.csv
    Attachment: OASIS CTI TC Meeting - Minutes - October 21 2015.pdf


  • 4.  RE: October CTI TC Meeting Minutes

    Posted 10-22-2015 15:14
    Sorry for the document names folks – they’ll be corrected to reflect the right date on the OASIS portal.

    Thanks,

    Alex

    From: cti@lists.oasis-open.org [mailto:cti@lists.oasis-open.org] On Behalf Of Foley, Alexander - GIS
    Sent: Thursday, October 22, 2015 11:10 AM
    To: cti@lists.oasis-open.org
    Subject: [cti] October CTI TC Meeting Minutes

    Thank you to everyone who joined today.  I have attached the meeting minutes and attendance, and will work with Rich to trigger our electronic votes on STIX / TAXII OASIS draft specification approval.

    Also FYI, the STIX and TAXII decks discussed today have been posted to the OASIS Portal.
    https://www.oasis-open.org/apps/org/workgroup/cti/documents.php

    Alex Foley
    OASIS CTI TC Secretary


  • 5.  Re: [cti] Call for Papers: Policy Forum EU

    Posted 02-12-2016 10:42
    Hi All:

    This call for papers was sent to me by Dr. Louis Marinos of ENISA.  I'm forwarding this on to you in case you might have an interest in presenting at this forum.

    Call For Papers

    Annual Privacy Forum 2016 (http://privacyforum.eu/) bringing research & policy together, 7-8 September, Frankfurt am Main.

    Nowadays electronic communication networks and digital services are an essential part of an increasing number of everyday commodities. In the era of automated profiling and electronic surveillance, citizens face a serious threat against their right to privacy and informational self-determination, especially when using the internet and mobile services. The lack of transparency regarding the functionality and interconnection of such services increases the risk of uncontrollable processing of personal data. In this regard, the upcoming Data Protection Regulation will be a useful instrument to protect the privacy of individuals. However, for its successful implementation, this new framework needs to be enforced by proper technologies and encompassed with sustainable business models along with mechanisms to promote privacy awareness and help users to understand the value of their data.

    ENISA is organizing the 2016 edition of the annual privacy forum, in the light of the upcoming data protection regulation and the European digital agenda. We invite papers covering original work on the technological, economic, legal and societal aspects of the challenges that will come up with the implementation of the new framework. We particularly invite multidisciplinary papers that make it explicit how the presented work can contribute to bridging the gap between research and policy. Moreover, in order to also encourage contributions from policy makers, representatives of competent authorities (such as Data Protection Authorities), industry experts, NGOs and civil society associations, we invite opinion papers from all stakeholders on the above mentioned topics. Opinion papers will reflect the opinion/position of the author(s) on the selected privacy-related topic.

    We call for original work in the following fields:

    - Implementation aspects of by design and 'by default' paradigms
    - Implementation and adoption of PETs in today's digital services
    - Modelling of data protection and privacy requirements, such as: machine readable representations and automatic evaluation of policies
    - Enabling transparency: technological and organizational challenges.
    - Technical solutions for the enforcement and the implications of the subject's right, e.g. right to erasure, access and correction.
    - Aspects of privacy impact and risk assessment
    - Technical solutions for data portability
    - Sustainable business models for privacy friendly online services
    - Information and consent in online environments: practical solutions and implementations
    - Privacy awareness, reliability and usability of PETs
    - Trust services for the protection of personal data
    - privacy aware trust services (i.e. electronic certificates, signatures, etc.)
    - Security measures for the protection of personal data
    - Economics of privacy and personal data

    Review and Publication

    All submissions will be thoroughly reviewed by our PC members. We aim at minimal 3 average 4 reviews per Paper. Furthermore, papers will be published in the proceedings of the conference with a publishing house soon to be selected and announced.

    Important dates

    Submission of full papers: March 15, 2016 23:59 AoE
    Notification to author: May 10, 2016
    Camera-ready copies: May 31, 2016
    APF 2016 taking place on: September 7-8, 2016

    --
    Jane Ginn, MSIA, MRP
    Cyber Threat Intelligence Network, Inc.
    jg@ctin.us


  • 6.  Re: [cti] Feature voting and tracking system

    Posted 10-22-2015 15:20



    So I have to admit that I still don’t really understand the whole voting thing. What are we using the votes for, prioritization? Or will issues that get a lot of “downvotes” not get addressed?


    I think I said this on the call yesterday, but my preferred approach would be for someone (the co-chairs) to lay out a rough roadmap of the issues that we need to address. They can take into account list preferences, dependencies between issues,
    etc. In particular, they could identify some fundamental issues to talk through first before hitting the specifics. Then they send that roadmap to the list and if anyone wants to add to it or disagrees with it we talk about it.


    I worry that if we just rely on upvotes we’re going to tackle things randomly rather than strategically and we’ll end up spinning our wheels. For example, if you look at our previous conversations on relationships we ended up with short diversions
    to versioning, IDs, markings, and other topics that we probably should tackle separately, first, so that they don’t keep coming up in other discussions.


    I do like the idea of threaded conversations. The mailing list is difficult if you miss even one day of a quick discussion. Though it seems like the mailing list + Github is working *OK* (not great, but OK) and I wouldn’t want to spend months
    figuring out how to switch to Stack Exchange when we could be actually working on STIX issues during that time.


    To sum up: less talk about how to do things, more actually doing things.


    John



    On Oct 21, 2015, at 9:02 PM, Jordan, Bret < bret.jordan@BLUECOAT.COM > wrote:



    We really need a way to track features, concepts, ideas and have the ability to vote up / down the ideas.  A solution like this really needs the following key features:

    1. Ability to document a concept, idea, or features, similar to what we do today in the issue tracker in GitHub
    2. Ability for people to vote up or down the main item
    3. Ability to star the item as a second form of tracking to possibly indicate preference
    4. The ability to comment on the top level element just like you can in GitHub
    5. Ability to comment on comments.
    6. Ability to vote up / down a comment
    7. Ability to mark a comment as the current train of thought or current consensus of the thread.  This will help people come up to speed more quickly on issues.

    In the past I have suggested something like StackOverflow.  Yes, this is usually used for a QnA type system, and that is what it is geared towards.  However, I feel that a lot of the elements that it has could be very useful for us to use.

    Here is an example of a QnA question that shows most of the elements or requirements that I have illustrated above.  See how multiple can comment on the item and multiple comments can get votes, and how it tracks edits to comments.

    http://stackoverflow.com/questions/21029174/whats-this-operator

    A solution like this would be a replacement for the GitHub Issue tracker.  Meaning, we would not store issues in GitHub anymore.  Further, I could see a lot of the discussion around topics moving out of email and in to a system like StackOverflow.

    Thanks,

    Bret

    Bret Jordan CISSP
    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."


  • 7.  Re: [cti] Feature voting and tracking system

    Posted 10-22-2015 17:20
    I think voting or prioritizing by some method is very important. Look at how many issues are currently tracked on the STIX Github (154). Some of these are much more important than others and affect many more stakeholders - yet, we have no idea at a high level to rank these by importance, because Github doesn't let anyone rank anything. It's also very hard to filter and search issues due to the way the tagging system works. ( As an aside, I actually don't understand how people use Github for production software offerings without these capabilities... we are talking about table-stakes stuff here for an issue tracker )

    I would like to second the proposal to look at the OASIS JIRA. Personally I feel that the lack of proper ability to do voting and to do triage on the issue list, is of far more importance than any tie of the issue list to source code. I'm impartial as to what actual issue tracker is used, but voting and categorization is table stakes... and if JIRA is available for use, why not use it.

    What's more, JIRA can integrate with Github anyway... has OASIS investigated simply integrating their JIRA to Github? http://blogs.atlassian.com/2014/04/connecting-jira-6-2-github/ . This would make the whole "link to code" argument not really an issue

    -
    Jason Keirstead
    Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security
    www.securityintelligence.com

    Without data, all you are is just another person with an opinion - Unknown

    From: "Wunder, John A." <jwunder@mitre.org>
    To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Date: 2015/10/22 12:19 PM
    Subject: Re: [cti] Feature voting and tracking system
    Sent by: <cti@lists.oasis-open.org>

    So I have to admit that I still don’t really understand the whole voting thing. What are we using the votes for, prioritization? Or will issues that get a lot of “downvotes” not get addressed?

    I think I said this on the call yesterday, but my preferred approach would be for someone (the co-chairs) to lay out a rough roadmap of the issues that we need to address. They can take into account list preferences, dependencies between issues, etc. In particular, they could identify some fundamental issues to talk through first before hitting the specifics. Then they send that roadmap to the list and if anyone wants to add to it or disagrees with it we talk about it.

    I worry that if we just rely on upvotes we’re going to tackle things randomly rather than strategically and we’ll end up spinning our wheels. For example, if you look at our previous conversations on relationships we ended up with short diversions to versioning, IDs, markings, and other topics that we probably should tackle separately, first, so that they don’t keep coming up in other discussions.

    I do like the idea of threaded conversations. The mailing list is difficult if you miss even one day of a quick discussion. Though it seems like the mailing list + Github is working *OK* (not great, but OK) and I wouldn’t want to spend months figuring out how to switch to Stack Exchange when we could be actually working on STIX issues during that time.

    To sum up: less talk about how to do things, more actually doing things.

    John

    On Oct 21, 2015, at 9:02 PM, Jordan, Bret <bret.jordan@BLUECOAT.COM> wrote:

    We really need a way to track features, concepts, ideas and have the ability to vote up / down the ideas. A solution like this really needs the following key features:

    1. Ability to document a concept, idea, or features, similar to what we do today in the issue tracker in GitHub
    2. Ability for people to vote up or down the main item
    3. Ability to star the item as a second form of tracking to possibly indicate preference
    4. The ability to comment on the top level element just like you can in GitHub
    5. Ability to comment on comments.
    6. Ability to vote up / down a comment
    7. Ability to mark a comment as the current train of thought or current consensus of the thread. This will help people come up to speed more quickly on issues.

    In the past I have suggested something like StackOverflow. Yes, this is usually used for a QnA type system, and that is what it is geared towards. However, I feel that a lot of the elements that it has could be very useful for us to use.

    Here is an example of a QnA question that shows most of the elements or requirements that I have illustrated above. See how multiple can comment on the item and multiple comments can get votes, and how it tracks edits to comments.

    http://stackoverflow.com/questions/21029174/whats-this-operator

    A solution like this would be a replacement for the GitHub Issue tracker. Meaning, we would not store issues in GitHub anymore. Further, I could see a lot of the discussion around topics moving out of email and in to a system like StackOverflow.

    Thanks,

    Bret

    Bret Jordan CISSP
    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."




  • 8.  Re: [cti] Feature voting and tracking system

    Posted 10-22-2015 17:57





    The intent was not that this “voting” would be the sole arbiter of prioritized ordering. If you look at the proposed development process for 2.0 that we discussed, agreed to and published a couple of months ago you will see that the intent is that each member review tracker items and then offer their opinion on prioritization “based on importance” using a TBD mechanism (what we are discussing now). These individual opinions would then be considered in aggregation and then factor in other criteria such as cross-dependencies and impacts in order to reach an actual prioritization.

    This aggregate prioritization is characterized as:

    "Review set of issues suggested as in scope for 2.0

    - Identify consensus scoping of issues for consideration
    - Identify and eliminate unnecessary duplication between issues (merge/consolidate where appropriate)
    - Identify cross-dependencies and impacts between in-scope issues
    - Identify use cases relevant to each issue
    - Identify consensus prioritization of in-scope issues based on importance
    - Prioritize in-scope issues based on dependence (which issues should be resolved before others as their resolution impacts the others) and importance

    This “voting” and prioritization technical capability would be used to serve item “a.” in the list above.




    I spoke with Aharon and we are both fine if the SC decides that they are okay with Aharon and I doing the above aggregation and prioritization analysis ourselves and then presenting it as a roadmap. Our concern is that all voices are heard and that there
    is no appearance of bias or favoritism on our part. That is why we have proposed using a mechanism to capture everyone’s opinions in an explicit way. As discussed on the call, one option for the solution is to not have a technical “voting” capability and have
    the co-chairs establish the roadmap. It should be up to the SC members whether or not they prefer this option over the others.


    I certainly agree with "less talk about how to do things, more actually doing things.” That is why I would like to move past talking about capabilities like this and actually decide on which capability to use.


    sean


    From: <cti@lists.oasis-open.org> on behalf of John Wunder <jwunder@mitre.org>
    Date: Thursday, October 22, 2015 at 11:19 AM
    To: "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>
    Subject: Re: [cti] Feature voting and tracking system





    So I have to admit that I still don’t really understand the whole voting thing. What are we using the votes for, prioritization? Or will issues that get a lot of “downvotes” not get addressed?


    I think I said this on the call yesterday, but my preferred approach would be for someone (the co-chairs) to lay out a rough roadmap of the issues that we need to address. They can take into account list preferences, dependencies between issues,
    etc. In particular, they could identify some fundamental issues to talk through first before hitting the specifics. Then they send that roadmap to the list and if anyone wants to add to it or disagrees with it we talk about it.


    I worry that if we just rely on upvotes we’re going to tackle things randomly rather than strategically and we’ll end up spinning our wheels. For example, if you look at our previous conversations on relationships we ended up with short diversions
    to versioning, IDs, markings, and other topics that we probably should tackle separately, first, so that they don’t keep coming up in other discussions.


    I do like the idea of threaded conversations. The mailing list is difficult if you miss even one day of a quick discussion. Though it seems like the mailing list + Github is working *OK* (not great, but OK) and I wouldn’t want to spend months
    figuring out how to switch to Stack Exchange when we could be actually working on STIX issues during that time.


    To sum up: less talk about how to do things, more actually doing things.


    John



    On Oct 21, 2015, at 9:02 PM, Jordan, Bret < bret.jordan@BLUECOAT.COM > wrote:



    We really need a way to track features, concepts, ideas and have the ability to vote up / down the ideas.  A solution like this really needs the following key features:

    1. Ability to document a concept, idea, or features, similar to what we do today in the issue tracker in GitHub
    2. Ability for people to vote up or down the main item
    3. Ability to star the item as a second form of tracking to possibly indicate preference
    4. The ability to comment on the top level element just like you can in GitHub
    5. Ability to comment on comments.
    6. Ability to vote up / down a comment
    7. Ability to mark a comment as the current train of thought or current consensus of the thread.  This will help people come up to speed more quickly on issues.

    In the past I have suggested something like StackOverflow.  Yes, this is usually used for a QnA type system, and that is what it is geared towards.  However, I feel that a lot of the elements that it has could be very useful for us to use.

    Here is an example of a QnA question that shows most of the elements or requirements that I have illustrated above.  See how multiple can comment on the item and multiple comments can get votes, and how it tracks edits to comments.

    http://stackoverflow.com/questions/21029174/whats-this-operator

    A solution like this would be a replacement for the GitHub Issue tracker.  Meaning, we would not store issues in GitHub anymore.  Further, I could see a lot of the discussion around topics moving out of email and in to a system like StackOverflow.

    Thanks,

    Bret

    Bret Jordan CISSP
    Director of Security Architecture and Standards Office of the CTO
    Blue Coat Systems
    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447  F2C0 74F8 ACAE 7415 0050
    "Without cryptography vihv vivc ce xhrnrw, however, the only thing that can not be unscrambled is an egg."