CTI STIX Subcommittee

Small changes from 2.0 - 2.1 - add relationship from indicator to vulnerability - current consensus

  • 1.  Small changes from 2.0 - 2.1 - add relationship from indicator to vulnerability - current consensus

    Posted 09-05-2017 20:17


    On today’s working call, we discussed the proposal to add an explicit relationship from an Indicator to a Vulnerability that would say that the Indicator ‘indicates’ a vulnerability.
     
    The vote was as follows:
    Yes – 3
    No – 9
    Abstain - 3
     
    There was also some discussion about pushing this topic to STIX 2.2+, which is always possible for every object we don’t choose to add currently. Thus, the current consensus is to
    NOT include an explicit relationship between indicator and vulnerability (knowing that you can always do it with a custom relationship or the generic relationship), and if necessary, this topic can be revisited in a future version of STIX.
     
    We’re sending this to the list in order to let everyone know what was discussed and to give everyone time to comment or disagree. Unless there are objections, this property will NOT be added, and this issue
    in github will be marked to reflect the decision.
     
     
    Thanks,
     
    Sarah Kelley
    Senior Cyber Threat Analyst
    Multi-State Information Sharing and Analysis Center (MS-ISAC)                   
    31 Tech Valley Drive
    East Greenbush, NY 12061
     
    sarah.kelley@cisecurity.org
    518-266-3493
    24x7 Security Operations Center
    SOC@cisecurity.org  - 1-866-787-4722
     

          
                 

    This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender
    immediately and permanently delete the message and any attachments.


    . . . . .