OASIS Charter Submission Discuss

  • 1.  Notes from SARIF convener call 31 July 2017

    Posted 07-31-2017 22:46
    The convener call for the Static Analysis Results Interchange Format (SARIF) TC was held today.

    Attending:
    - Ram Jeyaraman, Microsoft
    - Yekaterina Tsipenyuk O'Neil, HPE
    - Robin Cover, OASIS
    - Chet Ensign, OASIS

    We went through the agenda for the meeting.
    - Chet requested that the final draft charter be delivered to OASIS by April 2.
    - We discussed the comments received. Ram will work with Larry on updating section (2)(a) Similar Work.
    - Ram agrees that part 1 of the proposal including the TC name is stable and we can proceed with our tasks based on that text.
    - Ram asked about new co-proposers from DHS and Synopsys. Chet will check with Dee on Synopsys.
    - Regarding MAEC, Ram or Larry will touch base with Ivan K. on the spec and encourage him (or someone in the MAEC effort) to join the TC at least to initially sync up on their respective efforts.
    - Ram will send out the agenda for the first meeting and put it on the calendar approximately 2 weeks before the first meeting. We reviewed his agenda draft and agreed that it is good.
    - We discussed fixing the first meeting date, which was listed as September 4th. Proposal, which Ram will confirm with Larry, is September 6th, 9:00 - 11:00 Pacific time.

    --
    /chet
    ----------------
    Chet Ensign
    Director of Standards Development and TC Administration
    OASIS: Advancing open standards for the information society
    http://www.oasis-open.org
    Primary: +1 973-996-2298
    Mobile: +1 201-341-1393


  • 2.  RE: Notes from SARIF convener call 31 July 2017

    Posted 07-31-2017 23:09
    Hello Everyone…

    I’m Kevin Greene and excited to join this group. I know some folks listed here like Chris Wysopal, but many I’m not familiar with. Hopefully this group will allow me the opportunity to meet each of you. I’m currently running an R&D Program in Software Assurance at DHS S&T, Cyber Security Division, currently funding programs like the Software Assurance Marketplace (SWAMP), Code Dx, and Denim Group ThreadFix. I’m looking forward to working with members of this group.

    Best Regards

    KevEG

    From: Chet Ensign [mailto:chet.ensign@oasis-open.org]
    Sent: Monday, July 31, 2017 1:58 PM
    To: OASIS Charter Discuss List <oasis-charter-discuss@lists.oasis-open.org>
    Cc: mikefan@microsoft.com; lgolding@microsoft.com; Luke Cartey <luke@semmle.com>; Rex Jaeschke <rex@rexjaeschke.com>; katrina@hpe.com; Chris Wysopal <cwysopal@veracode.com>; Greene, Kevin E <kevin.greene@hq.dhs.gov>; Ram Jeyaraman <Ram.Jeyaraman@microsoft.com>; Robin Cover <robin@oasis-open.org>; Carol Geyer <carol.geyer@oasis-open.org>; Dee Schur <dee.schur@oasis-open.org>
    Subject: Notes from SARIF convener call 31 July 2017

    > The convener call for the Static Analysis Results Interchange Format (SARIF) TC was held today.
    >
    > Attending:
    > - Ram Jeyaraman, Microsoft
    > - Yekaterina Tsipenyuk O'Neil, HPE
    > - Robin Cover, OASIS
    > - Chet Ensign, OASIS
    >
    > We went through the agenda for the meeting.
    > - Chet requested that the final draft charter be delivered to OASIS by April 2.
    > - We discussed the comments received. Ram will work with Larry on updating section (2)(a) Similar Work.
    > - Ram agrees that part 1 of the proposal including the TC name is stable and we can proceed with our tasks based on that text.
    > - Ram asked about new co-proposers from DHS and Synopsys. Chet will check with Dee on Synopsys.
    > - Regarding MAEC, Ram or Larry will touch base with Ivan K. on the spec and encourage him (or someone in the MAEC effort) to join the TC at least to initially sync up on their respective efforts.
    > - Ram will send out the agenda for the first meeting and put it on the calendar approximately 2 weeks before the first meeting. We reviewed his agenda draft and agreed that it is good.
    > - We discussed fixing the first meeting date, which was listed as September 4th. Proposal, which Ram will confirm with Larry, is September 6th, 9:00 - 11:00 Pacific time.
    >
    > --
    > /chet
    > ----------------
    > Chet Ensign
    > Director of Standards Development and TC Administration
    > OASIS: Advancing open standards for the information society
    > http://www.oasis-open.org
    > Primary: +1 973-996-2298
    > Mobile: +1 201-341-1393


  • 3.  Re: [EXT] [oasis-charter-discuss] Notes from SARIF convener call 31 July 2017

    Posted 08-01-2017 02:41
    We are currently adding this functionality to the malware object in STIX. I would encourage all of you to join that effort and help us. I would hate to see yet another duplicative standard.

    Bret

    Sent from my Commodore 64

    PGP Fingerprint: 63B4 FC53 680A 6B7D 1447 F2C0 74F8 ACAE 7415 0050

    On Jul 31, 2017, at 4:46 PM, Chet Ensign <chet.ensign@oasis-open.org> wrote:

    > The convener call for the Static Analysis Results Interchange Format (SARIF) TC was held today.
    >
    > Attending:
    > - Ram Jeyaraman, Microsoft
    > - Yekaterina Tsipenyuk O'Neil, HPE
    > - Robin Cover, OASIS
    > - Chet Ensign, OASIS
    >
    > We went through the agenda for the meeting.
    > - Chet requested that the final draft charter be delivered to OASIS by April 2.
    > - We discussed the comments received. Ram will work with Larry on updating section (2)(a) Similar Work.
    > - Ram agrees that part 1 of the proposal including the TC name is stable and we can proceed with our tasks based on that text.
    > - Ram asked about new co-proposers from DHS and Synopsys. Chet will check with Dee on Synopsys.
    > - Regarding MAEC, Ram or Larry will touch base with Ivan K. on the spec and encourage him (or someone in the MAEC effort) to join the TC at least to initially sync up on their respective efforts.
    > - Ram will send out the agenda for the first meeting and put it on the calendar approximately 2 weeks before the first meeting. We reviewed his agenda draft and agreed that it is good.
    > - We discussed fixing the first meeting date, which was listed as September 4th. Proposal, which Ram will confirm with Larry, is September 6th, 9:00 - 11:00 Pacific time.
    >
    > --
    > /chet
    > ----------------
    > Chet Ensign
    > Director of Standards Development and TC Administration
    > OASIS: Advancing open standards for the information society
    > http://www.oasis-open.org
    > Primary: +1 973-996-2298
    > Mobile: +1 201-341-1393


  • 4.  Re: [oasis-charter-discuss] Re: [EXT] [oasis-charter-discuss] Notes from SARIF convener call 31 July 2017

    Posted 08-01-2017 15:14
    On 01.08.2017 02:41:06, Bret Jordan wrote:
    > We are currently adding this functionality to the malware object in
    > STIX. I would encourage all of you to join that effort and help us.
    > I would hate to see yet another duplicative standard.

    Indeed. We've been working with DC3 on incorporating MWCP [1] into the STIX Malware data model. Not to suggest that MWCP addresses all of the static analysis metadata that the proposed SARIF TC intends to develop a standard for, but there's clearly significant overlap between our respective efforts.

    [1]: https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP/blob/master/README.md

    --
    Cheers,
    Trey
    ++--------------------------------------------------------------------------++
    Director of Standards Development, New Context
    gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
    ++--------------------------------------------------------------------------++
    --
    "It is more complicated than you think." --RFC 1925

    Attachment: signature.asc
    Description: Digital signature


  • 5.  Re: [oasis-charter-discuss] Re: [EXT] [oasis-charter-discuss] Notes from SARIF convener call 31 July 2017

    Posted 08-01-2017 15:26
    Sorry to be a wet blanket, but I don’t think there is much if any alignment between SARIF and STIX or MAEC. SARIF is aimed at standardizing the output of the static analysis of source code, e.g., “unused variable declared on line 192”. STIX and MAEC are data models and serializations for structured cyber threat intelligence and malware characterization, respectively. While there may be some lessons learned in terms of serialization and formatting that we could share with the SARIF community, I just don’t see any real semantic alignment between our efforts.

    Regards,
    Ivan

    On 8/1/17, 9:14 AM, "Trey Darley" <trey@newcontext.com> wrote:
    > On 01.08.2017 02:41:06, Bret Jordan wrote:
    > > We are currently adding this functionality to the malware object in
    > > STIX. I would encourage all of you to join that effort and help us.
    > > I would hate to see yet another duplicative standard.
    >
    > Indeed. We've been working with DC3 on incorporating MWCP [1] into the STIX Malware data model. Not to suggest that MWCP addresses all of the static analysis metadata that the proposed SARIF TC intends to develop a standard for, but there's clearly significant overlap between our respective efforts.
    >
    > [1]: https://github.com/Defense-Cyber-Crime-Center/DC3-MWCP/blob/master/README.md
    >
    > --
    > Cheers,
    > Trey
    > ++--------------------------------------------------------------------------++
    > Director of Standards Development, New Context
    > gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
    > ++--------------------------------------------------------------------------++
    > --
    > "It is more complicated than you think." --RFC 1925


  • 6.  Re: [oasis-charter-discuss] Re: [EXT] [oasis-charter-discuss] Notes from SARIF convener call 31 July 2017

    Posted 08-01-2017 15:26
    On 01.08.2017 15:14:08, Trey Darley wrote:
    > Indeed. We've been working with DC3 on incorporating MWCP [1] into
    > the STIX Malware data model. Not to suggest that MWCP addresses all
    > of the static analysis metadata that the proposed SARIF TC intends
    > to develop a standard for but there's clearly significant overlap
    > between our respective efforts.

    Hey, y'all -

    Apparently I'm not firing on all cylinders today. Ivan Kirillov just pointed out that SARIF is intended to address static source code analysis, not static analysis of malware binaries. These are clearly very different things. I retract my previous comments and apologize for the spurious mail traffic.

    ¯\_(ツ)_/¯

    --
    Cheers,
    Trey
    ++--------------------------------------------------------------------------++
    Director of Standards Development, New Context
    gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
    ++--------------------------------------------------------------------------++
    --
    "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." --RFC 1925

    Attachment: signature.asc
    Description: Digital signature


  • 7.  Re: [oasis-charter-discuss] Re: [EXT] [oasis-charter-discuss] Notes from SARIF convener call 31 July 2017

    Posted 08-01-2017 17:01
    Hi folks,

    Well, you all got that sorted out. I just want to quickly add that if, at any time, you think a conversation to explore touch points & possible areas of alignment would be useful, staff is happy to organize it for you.

    Best,

    /chet

    On Tue, Aug 1, 2017 at 11:26 AM, Trey Darley <trey@newcontext.com> wrote:
    > On 01.08.2017 15:14:08, Trey Darley wrote:
    > > Indeed. We've been working with DC3 on incorporating MWCP [1] into
    > > the STIX Malware data model. Not to suggest that MWCP addresses all
    > > of the static analysis metadata that the proposed SARIF TC intends
    > > to develop a standard for but there's clearly significant overlap
    > > between our respective efforts.
    >
    > Hey, y'all -
    >
    > Apparently I'm not firing on all cylinders today. Ivan Kirillov just pointed out that SARIF is intended to address static source code analysis, not static analysis of malware binaries. These are clearly very different things. I retract my previous comments and apologize for the spurious mail traffic.
    >
    > ¯\_(ツ)_/¯
    >
    > --
    > Cheers,
    > Trey
    > ++--------------------------------------------------------------------------++
    > Director of Standards Development, New Context
    > gpg fingerprint: 3918 9D7E 50F5 088F 823F 018A 831A 270A 6C4F C338
    > ++--------------------------------------------------------------------------++
    > --
    > "With sufficient thrust, pigs fly just fine. However, this is not necessarily a good idea. It is hard to be sure where they are going to land, and it could be dangerous sitting under them as they fly overhead." --RFC 1925

    --
    /chet
    ----------------
    Chet Ensign
    Director of Standards Development and TC Administration
    OASIS: Advancing open standards for the information society
    http://www.oasis-open.org
    Primary: +1 973-996-2298
    Mobile: +1 201-341-1393