OASIS Cyber Threat Intelligence (CTI) TC

Expand all | Collapse all

Announcing python-stix2

  • 1.  Announcing python-stix2

    Posted 02-15-2017 17:05




    All-
     
    I recently pushed code for python-stix2 to an OASIS Open Repository on GitHub [1]. It is still in a nascent stage, but I wanted to give people an early look, encourage feedback on the overall direction and
    focus areas of the library, and solicit people interested in helping.  
     
    You do * not * need to be a TC member to contribute to the Open Repository, but you * do * (whether you are a member or not) need to sign a CLA for any code contributions (or significant non-code
    contributions). Also, feel free to provide feedback on these mailing lists or on issues on GitHub.
     
    For a more information, see the README [2] and documentation [3].
     
    Thanks,
    Greg Back
    MITRE
     
    [1]
    https://github.com/oasis-open/cti-python-stix2
    [2]
    https://github.com/oasis-open/cti-python-stix2/blob/master/README.md

    [3]
    http://stix2.readthedocs.io/en/latest/






  • 2.  Re: [cti-users] Announcing python-stix2

    Posted 02-15-2017 18:09
    Greg,

    Many, many thanks to you and the Team at MITRE!!!

    For many of us, these Python Libraries are key to picking up where we left off when the strategic decision to shift from XML to JSON was taken.

    Now we can begin to savor the fruits of everyone's labor in terms of easier development and integration. Reference Implementations will start pouring out soon!


    Patrick Maroney
    Principal Engineer – Data Sciences & Analytics
    Wapack Labs
    609-841-5104
    pmaroney@wapacklabs.com <mailto:pmaroney@wapacklabs.com>

    Public Key: http://pgp.mit.edu/pks/lookup?op=get&search=0x7C810C9769BD29AF <http://pgp.mit.edu/pks/lookup?op=get&search=0x7C810C9769BD29AF>



  • 3.  Re: [cti-users] Announcing python-stix2

    Posted 02-15-2017 18:09
    Greg, Many, many thanks to you and the Team at MITRE!!!  For many of us, these Python Libraries are key to picking up where we left off when the strategic decision to shift from XML to JSON was taken. Now we can begin to savor the fruits of everyone's labor in terms of easier development and integration.  Reference Implementations will start pouring out soon! Patrick Maroney Principal Engineer – Data Sciences & Analytics Wapack Labs 609-841-5104 pmaroney@wapacklabs.com Public Key:  http://pgp.mit.edu/pks/lookup?op=get&search=0x7C810C9769BD29AF Attachment: signature.asc Description: Message signed with OpenPGP using GPGMail


  • 4.  RE: Announcing python-stix2

    Posted 03-15-2017 11:57
    Hi,

    Is there a parallel effort for an open-source java library supporting STIX v2?

    Thanks,
    Eyal.

    From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org] On Behalf Of Back, Greg
    Sent: Wednesday, February 15, 2017 7:05 PM
    To: cti@lists.oasis-open.org; cti-users@lists.oasis-open.org
    Subject: [cti-users] Announcing python-stix2

    All-

    I recently pushed code for python-stix2 to an OASIS Open Repository on GitHub [1]. It is still in a nascent stage, but I wanted to give people an early look, encourage feedback on the overall direction and focus areas of the library, and solicit people interested in helping.

    You do *not* need to be a TC member to contribute to the Open Repository, but you *do* (whether you are a member or not) need to sign a CLA for any code contributions (or significant non-code contributions). Also, feel free to provide feedback on these mailing lists or on issues on GitHub.

    For a more information, see the README [2] and documentation [3].

    Thanks,
    Greg Back
    MITRE

    [1] https://github.com/oasis-open/cti-python-stix2
    [2] https://github.com/oasis-open/cti-python-stix2/blob/master/README.md
    [3] http://stix2.readthedocs.io/en/latest/
    Email Secured By Check Point.



  • 5.  Re: Announcing python-stix2

    Posted 03-15-2017 16:23
    Hi Eyal,

    MITRE isn’t working on anything, and I’m not personally aware of anyone else who is either. But if someone is, hopefully they’re on one of these lists and will respond.

    Greg

    From: Eyal Paz <eyalp@checkpoint.com>
    Date: Wednesday, March 15, 2017 at 6:56 AM
    To: Greg Back <gback@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
    Subject: RE: Announcing python-stix2

    Hi,

    Is there a parallel effort for an open-source java library supporting STIX v2?

    Thanks,
    Eyal.

    From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org] On Behalf Of Back, Greg
    Sent: Wednesday, February 15, 2017 7:05 PM
    To: cti@lists.oasis-open.org; cti-users@lists.oasis-open.org
    Subject: [cti-users] Announcing python-stix2

    All-

    I recently pushed code for python-stix2 to an OASIS Open Repository on GitHub [1]. It is still in a nascent stage, but I wanted to give people an early look, encourage feedback on the overall direction and focus areas of the library, and solicit people interested in helping.

    You do *not* need to be a TC member to contribute to the Open Repository, but you *do* (whether you are a member or not) need to sign a CLA for any code contributions (or significant non-code contributions). Also, feel free to provide feedback on these mailing lists or on issues on GitHub.

    For a more information, see the README [2] and documentation [3].

    Thanks,
    Greg Back
    MITRE

    [1] https://github.com/oasis-open/cti-python-stix2
    [2] https://github.com/oasis-open/cti-python-stix2/blob/master/README.md
    [3] http://stix2.readthedocs.io/en/latest/
    Email Secured By Check Point.



  • 6.  Re: Announcing python-stix2

    Posted 03-15-2017 16:23




    Hi Eyal,
     
    MITRE isn’t working on anything, and I’m not personally aware of anyone else who is either. But if someone is, hopefully they’re on one of these lists and will respond.
     
    Greg
     

    From: Eyal Paz <eyalp@checkpoint.com>
    Date: Wednesday, March 15, 2017 at 6:56 AM
    To: Greg Back <gback@mitre.org>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
    Subject: RE: Announcing python-stix2


     

    Hi,
     
    Is there a parallel effort for an open-source java library supporting STIX v2?
     
    Thanks,
    Eyal.
     


    From: cti-users@lists.oasis-open.org [mailto:cti-users@lists.oasis-open.org]
    On Behalf Of Back, Greg
    Sent: Wednesday, February 15, 2017 7:05 PM
    To: cti@lists.oasis-open.org; cti-users@lists.oasis-open.org
    Subject: [cti-users] Announcing python-stix2


     
    All-
     
    I recently pushed code for python-stix2 to an OASIS Open Repository on GitHub [1]. It is still in a nascent stage, but I wanted to give people an early look, encourage feedback on the overall direction and
    focus areas of the library, and solicit people interested in helping.  
     
    You do * not * need to be a TC member to contribute to the Open Repository, but you * do * (whether you are a member or not) need to sign a CLA for any code contributions (or significant non-code
    contributions). Also, feel free to provide feedback on these mailing lists or on issues on GitHub.
     
    For a more information, see the README [2] and documentation [3].
     
    Thanks,
    Greg Back
    MITRE
     
    [1]
    https://github.com/oasis-open/cti-python-stix2
    [2]
    https://github.com/oasis-open/cti-python-stix2/blob/master/README.md

    [3]
    http://stix2.readthedocs.io/en/latest/
    Email Secured By Check Point.  






  • 7.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 16:44
    On 03/15/2017 09:22 AM, Back, Greg wrote:
    >
    > Hi Eyal,
    >
    >
    >
    > MITRE isn’t working on anything, and I’m not personally aware of
    > anyone else who is either. But if someone is, hopefully they’re on one
    > of these lists and will respond.
    >
    >
    >
    > Greg
    >
    >
    >
    Greg, all,

    I have followed the STIX development over the past couple of years, and
    even developed a Java library for STIX manipulation, see
    https://github.com/uw-dims/stix-java. That was when STIX 1.1 was current.

    I watched with some dismay as the XML schema way of doing things in STIX
    1.1 was dismantled in favor of JSON for STIX 2. While XML schemas are
    complicated, they are very precise, and a document can be checked
    against a schema to assert its validity. Further, the richness of tools
    for XML schemas, notably the JAXB/xjc tools for Java, gives developers a
    huge leg-up in implementing an API for STIX manipulation. I just
    cranked the JAXB handle over the .xsd file set, and hey presto I had a
    set of Java classes with which to start my API.

    Going out on a limb here, I also think that Java developers LIKE more
    discipline that Python developers. Static typing vs duck typing? The
    XML schema way of representing information is disciplined, and leads to
    fewer 'You meant X? I thought you meant Y' gotchas at runtime.
    Extrapolating, I think the JSON way of data representation is less
    disciplined than the XML way, hence the natural inclination of Python
    developers to prefer JSON.

    Looking at the STIX 2 specs, I admire effort the authors must have put
    in. But from a library builder's point of view, there being no
    machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to
    square one (if I have missed any machine-readable docs, I apologize).

    So, in a nutshell, my own feeling is that there will be no Java-language
    STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong
    in this respect. I do know that I won't add to my STIX 1.1 Java effort.

    Stuart



  • 8.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 16:54
    The python project is great! I've had some luck using the Antlr grammar
    files in a java project of my own. I agree it would be nice to have
    "official" support for more language runtimes. Ideally the tests could be
    refactored such that basic validation verification could be run for all
    target runtimes. I can volunteer some maven incantations to build java
    libraries, if one of the existing authors would like to support the test
    refactoring work.

    Also, as a "Java Programmer", I think JSON is fine. If you need strict
    schema management, validation tools, there's [0].

    [0]: http://json-schema.org/

    On Wed, Mar 15, 2017 at 9:44 AM, Stuart Maclean <stuart@apl.washington.edu>
    wrote:

    > On 03/15/2017 09:22 AM, Back, Greg wrote:
    >
    > Hi Eyal,
    >
    >
    >
    > MITRE isn’t working on anything, and I’m not personally aware of anyone
    > else who is either. But if someone is, hopefully they’re on one of these
    > lists and will respond.
    >
    >
    >
    > Greg
    >
    >
    >
    > Greg, all,
    >
    > I have followed the STIX development over the past couple of years, and
    > even developed a Java library for STIX manipulation, see
    > https://github.com/uw-dims/stix-java. That was when STIX 1.1 was current.
    >
    > I watched with some dismay as the XML schema way of doing things in STIX
    > 1.1 was dismantled in favor of JSON for STIX 2. While XML schemas are
    > complicated, they are very precise, and a document can be checked against a
    > schema to assert its validity. Further, the richness of tools for XML
    > schemas, notably the JAXB/xjc tools for Java, gives developers a huge
    > leg-up in implementing an API for STIX manipulation. I just cranked the
    > JAXB handle over the .xsd file set, and hey presto I had a set of Java
    > classes with which to start my API.
    >
    > Going out on a limb here, I also think that Java developers LIKE more
    > discipline that Python developers. Static typing vs duck typing? The XML
    > schema way of representing information is disciplined, and leads to fewer
    > 'You meant X? I thought you meant Y' gotchas at runtime. Extrapolating, I
    > think the JSON way of data representation is less disciplined than the XML
    > way, hence the natural inclination of Python developers to prefer JSON.
    >
    > Looking at the STIX 2 specs, I admire effort the authors must have put
    > in. But from a library builder's point of view, there being no
    > machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to square
    > one (if I have missed any machine-readable docs, I apologize).
    >
    > So, in a nutshell, my own feeling is that there will be no Java-language
    > STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong in
    > this respect. I do know that I won't add to my STIX 1.1 Java effort.
    >
    > Stuart
    >



  • 9.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 17:26
    Just so everyone is aware, we do have JSON Schema for STIX: https://github.com/oasis-open/cti-stix2-json-schemas

    From: <cti-users@lists.oasis-open.org> on behalf of Nick Dimiduk <ndimiduk@gmail.com>
    Date: Wednesday, March 15, 2017 at 12:53 PM
    To: Stuart Maclean <stuart@apl.washington.edu>
    Cc: Greg Back <gback@mitre.org>, Eyal Paz <eyalp@checkpoint.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
    Subject: Re: [cti-users] Re: Announcing python-stix2

    The python project is great! I've had some luck using the Antlr grammar files in a java project of my own. I agree it would be nice to have "official" support for more language runtimes. Ideally the tests could be refactored such that basic validation verification could be run for all target runtimes. I can volunteer some maven incantations to build java libraries, if one of the existing authors would like to support the test refactoring work.

    Also, as a "Java Programmer", I think JSON is fine. If you need strict schema management, validation tools, there's [0].

    [0]: http://json-schema.org/

    On Wed, Mar 15, 2017 at 9:44 AM, Stuart Maclean <stuart@apl.washington.edu<mailto:stuart@apl.washington.edu>> wrote:
    On 03/15/2017 09:22 AM, Back, Greg wrote:
    Hi Eyal,

    MITRE isn’t working on anything, and I’m not personally aware of anyone else who is either. But if someone is, hopefully they’re on one of these lists and will respond.

    Greg

    Greg, all,

    I have followed the STIX development over the past couple of years, and even developed a Java library for STIX manipulation, see https://github.com/uw-dims/stix-java. That was when STIX 1.1 was current.

    I watched with some dismay as the XML schema way of doing things in STIX 1.1 was dismantled in favor of JSON for STIX 2. While XML schemas are complicated, they are very precise, and a document can be checked against a schema to assert its validity. Further, the richness of tools for XML schemas, notably the JAXB/xjc tools for Java, gives developers a huge leg-up in implementing an API for STIX manipulation. I just cranked the JAXB handle over the .xsd file set, and hey presto I had a set of Java classes with which to start my API.

    Going out on a limb here, I also think that Java developers LIKE more discipline that Python developers. Static typing vs duck typing? The XML schema way of representing information is disciplined, and leads to fewer 'You meant X? I thought you meant Y' gotchas at runtime. Extrapolating, I think the JSON way of data representation is less disciplined than the XML way, hence the natural inclination of Python developers to prefer JSON.

    Looking at the STIX 2 specs, I admire effort the authors must have put in. But from a library builder's point of view, there being no machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to square one (if I have missed any machine-readable docs, I apologize).

    So, in a nutshell, my own feeling is that there will be no Java-language STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong in this respect. I do know that I won't add to my STIX 1.1 Java effort.

    Stuart




  • 10.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 17:26




    Just so everyone is aware, we do have JSON Schema for STIX:
    https://github.com/oasis-open/cti-stix2-json-schemas
     

    From:
    <cti-users@lists.oasis-open.org> on behalf of Nick Dimiduk <ndimiduk@gmail.com>
    Date: Wednesday, March 15, 2017 at 12:53 PM
    To: Stuart Maclean <stuart@apl.washington.edu>
    Cc: Greg Back <gback@mitre.org>, Eyal Paz <eyalp@checkpoint.com>, "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
    Subject: Re: [cti-users] Re: Announcing python-stix2


     


    The python project is great! I've had some luck using the Antlr grammar files in a java project of my own. I agree it would be nice to have "official" support for more language runtimes. Ideally the tests could be refactored such that basic
    validation verification could be run for all target runtimes. I can volunteer some maven incantations to build java libraries, if one of the existing authors would like to support the test refactoring work.


     


    Also, as a "Java Programmer", I think JSON is fine. If you need strict schema management, validation tools, there's [0].


     


    [0]:  http://json-schema.org/



     

    On Wed, Mar 15, 2017 at 9:44 AM, Stuart Maclean < stuart@apl.washington.edu > wrote:



    On 03/15/2017 09:22 AM, Back, Greg wrote:



    Hi Eyal,
     
    MITRE isn’t working on anything, and I’m not personally aware of anyone else who is either. But if someone is, hopefully they’re on one of these lists
    and will respond.
     
    Greg
     


    Greg, all,

    I have followed the STIX development over the past couple of years, and even developed a Java library for STIX manipulation, see
    https://github.com/uw-dims/stix-java . That was when STIX 1.1 was current.

    I watched with some dismay as the XML schema way of doing things in STIX 1.1 was dismantled in favor of JSON for STIX 2.  While XML schemas are complicated, they are very precise, and a document can be checked against a schema to assert its validity.  Further,
    the richness of tools for XML schemas, notably the JAXB/xjc tools for Java, gives developers a huge leg-up in implementing an API for STIX manipulation.  I just cranked the JAXB handle over the .xsd file set, and hey presto I had a set of Java classes with
    which to start my API. 

    Going out on a limb here, I also think that Java developers LIKE more discipline that Python developers.  Static typing vs duck typing?  The XML schema way of representing information is disciplined, and leads to fewer 'You meant X? I thought you meant Y' gotchas
    at runtime. Extrapolating, I think the JSON way of data representation is less disciplined than the XML way, hence the natural inclination of Python developers to prefer JSON.


    Looking at the STIX 2 specs, I admire effort the authors must have put in.  But from a library builder's point of view, there being no machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to square one (if I have missed any machine-readable docs,
    I apologize).

    So, in a nutshell, my own feeling is that there will be no Java-language STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong in this respect.  I do know that I won't add to my STIX 1.1 Java effort.

    Stuart



     







  • 11.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 17:38
    ECMA <http://www.ecma-international.org/> International Standards body
    developed JavaScript <http://www.ecma-international.org/memento/TC39.htm> to
    handle tasks in the browser. They also provided an extension to JavaScript
    to develop a lightweight language for interchanging data over the Internet
    called JavaScript Object Notation (JSON). The downside of JSON is that it
    lacks the capabilities to provide referential integrity. These data models
    are neither interoperable nor standardized. Which means, no data
    portability. JSON doesn’t provide any ability to resolve name space
    ambiguity in which your data is defined, or the structure and data types.

    The JSON community has a IETF working draft schema specification
    <https://tools.ietf.org/html/draft-zyp-json-schema-04> that would provide a
    format for defining the structure of JSON data. This specification would
    provide the ability to define validation, documentation, hyperlink
    navigation, and interaction control of JSON data. However, this
    specification falls short in aligning to and delivering data type primitive
    and built-in capabilities that are provided by the W3C body on XML data
    standards. There are vendors that publish their own version of JSON schema.
    However, these schemas are non-standard and are unable to support
    portability between vendors.

    The use of JSON in environments that requires interoperability of data
    across the enterprise will make governance more challenging. Gartner has
    published a white paper called: “Does your NoSQL DBMS Result in Information
    Governance Debt?
    <https://www.gartner.com/doc/2631833?ref=SiteSearch&sthkw=Nick%20Heudecker&fnl=search&srcId=1-3478922254>”
    (subscription required). As technology leaders looking to increase data
    integrity and the overall resilience of their enterprise, one can only
    conclude that storing data as JSON objects will inhibit you from achieving
    these goals.



    On Wed, Mar 15, 2017 at 12:26 PM, Wunder, John A. <jwunder@mitre.org> wrote:

    > Just so everyone is aware, we do have JSON Schema for STIX:
    > https://github.com/oasis-open/cti-stix2-json-schemas
    >
    >
    >
    > *From: *<cti-users@lists.oasis-open.org> on behalf of Nick Dimiduk <
    > ndimiduk@gmail.com>
    > *Date: *Wednesday, March 15, 2017 at 12:53 PM
    > *To: *Stuart Maclean <stuart@apl.washington.edu>
    > *Cc: *Greg Back <gback@mitre.org>, Eyal Paz <eyalp@checkpoint.com>, "
    > cti@lists.oasis-open.org" <cti@lists.oasis-open.org>, "
    > cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
    > *Subject: *Re: [cti-users] Re: Announcing python-stix2
    >
    >
    >
    > The python project is great! I've had some luck using the Antlr grammar
    > files in a java project of my own. I agree it would be nice to have
    > "official" support for more language runtimes. Ideally the tests could be
    > refactored such that basic validation verification could be run for all
    > target runtimes. I can volunteer some maven incantations to build java
    > libraries, if one of the existing authors would like to support the test
    > refactoring work.
    >
    >
    >
    > Also, as a "Java Programmer", I think JSON is fine. If you need strict
    > schema management, validation tools, there's [0].
    >
    >
    >
    > [0]: http://json-schema.org/
    >
    >
    >
    > On Wed, Mar 15, 2017 at 9:44 AM, Stuart Maclean <stuart@apl.washington.edu>
    > wrote:
    >
    > On 03/15/2017 09:22 AM, Back, Greg wrote:
    >
    > Hi Eyal,
    >
    >
    >
    > MITRE isn’t working on anything, and I’m not personally aware of anyone
    > else who is either. But if someone is, hopefully they’re on one of these
    > lists and will respond.
    >
    >
    >
    > Greg
    >
    >
    >
    > Greg, all,
    >
    > I have followed the STIX development over the past couple of years, and
    > even developed a Java library for STIX manipulation, see
    > https://github.com/uw-dims/stix-java. That was when STIX 1.1 was current.
    >
    > I watched with some dismay as the XML schema way of doing things in STIX
    > 1.1 was dismantled in favor of JSON for STIX 2. While XML schemas are
    > complicated, they are very precise, and a document can be checked against a
    > schema to assert its validity. Further, the richness of tools for XML
    > schemas, notably the JAXB/xjc tools for Java, gives developers a huge
    > leg-up in implementing an API for STIX manipulation. I just cranked the
    > JAXB handle over the .xsd file set, and hey presto I had a set of Java
    > classes with which to start my API.
    >
    > Going out on a limb here, I also think that Java developers LIKE more
    > discipline that Python developers. Static typing vs duck typing? The XML
    > schema way of representing information is disciplined, and leads to fewer
    > 'You meant X? I thought you meant Y' gotchas at runtime. Extrapolating, I
    > think the JSON way of data representation is less disciplined than the XML
    > way, hence the natural inclination of Python developers to prefer JSON.
    >
    > Looking at the STIX 2 specs, I admire effort the authors must have put
    > in. But from a library builder's point of view, there being no
    > machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to square
    > one (if I have missed any machine-readable docs, I apologize).
    >
    > So, in a nutshell, my own feeling is that there will be no Java-language
    > STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong in
    > this respect. I do know that I won't add to my STIX 1.1 Java effort.
    >
    > Stuart
    >
    >
    >



  • 12.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 18:25
    I am not going to go down the "JSON vs XML" rabbit hole again as this was
    all decided 2 years ago, but I think it is definitely a stretch to say "
    there will be no Java-language STIX 2 manipulation tools".

    Myself, I actually do foresee fewer "bindings" made for STIX 2.0, simply
    because part of the benefit of the new STIX model using JSON, is you
    actually do not really need "bindings" to work with it in the majority of
    languages - it is just simple and easy for developers to program against
    without worrying about them - they're normally not needed. You can work
    with STIX in Java using GSON, JSONOrg, Jackson, without having any
    bindings at all....there are also libraries that will auto-generate
    bindings for you from the JSON schema, if you still want that.

    Because it is RESTful, you could actually likely implement a full-blown
    TAXII server without writing any code, simply JAX-RS using with STIX
    schema-generated Pojos...

    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security | www.securityintelligence.com

    Without data, all you are is just another person with an opinion - Unknown





    From: Stuart Maclean <stuart@apl.washington.edu>
    To: "Back, Greg" <gback@mitre.org>, Eyal Paz <eyalp@checkpoint.com>,
    "cti@lists.oasis-open.org" <cti@lists.oasis-open.org>,
    "cti-users@lists.oasis-open.org" <cti-users@lists.oasis-open.org>
    Date: 03/15/2017 01:48 PM
    Subject: Re: [cti-users] Re: Announcing python-stix2
    Sent by: <cti-users@lists.oasis-open.org>



    On 03/15/2017 09:22 AM, Back, Greg wrote:
    Hi Eyal,

    MITRE isn’t working on anything, and I’m not personally aware of anyone
    else who is either. But if someone is, hopefully they’re on one of these
    lists and will respond.

    Greg

    Greg, all,

    I have followed the STIX development over the past couple of years, and
    even developed a Java library for STIX manipulation, see
    https://github.com/uw-dims/stix-java. That was when STIX 1.1 was current.

    I watched with some dismay as the XML schema way of doing things in STIX
    1.1 was dismantled in favor of JSON for STIX 2. While XML schemas are
    complicated, they are very precise, and a document can be checked against
    a schema to assert its validity. Further, the richness of tools for XML
    schemas, notably the JAXB/xjc tools for Java, gives developers a huge
    leg-up in implementing an API for STIX manipulation. I just cranked the
    JAXB handle over the .xsd file set, and hey presto I had a set of Java
    classes with which to start my API.

    Going out on a limb here, I also think that Java developers LIKE more
    discipline that Python developers. Static typing vs duck typing? The XML
    schema way of representing information is disciplined, and leads to fewer
    'You meant X? I thought you meant Y' gotchas at runtime. Extrapolating, I
    think the JSON way of data representation is less disciplined than the XML
    way, hence the natural inclination of Python developers to prefer JSON.

    Looking at the STIX 2 specs, I admire effort the authors must have put
    in. But from a library builder's point of view, there being no
    machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to
    square one (if I have missed any machine-readable docs, I apologize).

    So, in a nutshell, my own feeling is that there will be no Java-language
    STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong in
    this respect. I do know that I won't add to my STIX 1.1 Java effort.

    Stuart






  • 13.  Re: [cti-users] Re: Announcing python-stix2

    Posted 03-15-2017 18:25
    I am not going to go down the "JSON
    vs XML" rabbit hole again as this was all decided 2 years ago, but
    I think it is definitely a stretch to say " there
    will be no Java-language STIX 2 manipulation tool s".
      Myself, I actually do foresee fewer
    "bindings" made for STIX 2.0, simply because part of the benefit
    of the new STIX model using JSON, is you actually do not really need "bindings"
    to work with it in the majority of languages - it is just simple and easy
    for developers to program against without worrying about them - they're
    normally not needed. You can work with STIX in Java using GSON,  JSONOrg,
    Jackson, without having any bindings at all....there are also libraries
    that will auto-generate bindings for you from the JSON schema, if you still
    want that. Because it is RESTful, you could actually
    likely implement a full-blown TAXII server without writing any code, simply
    JAX-RS using with STIX schema-generated Pojos... - Jason Keirstead STSM, Product Architect, Security Intelligence, IBM Security Systems www.ibm.com/security www.securityintelligence.com Without data, all you are is just another person with an opinion - Unknown
    From:      
      Stuart Maclean <stuart@apl.washington.edu> To:      
      "Back, Greg"
    <gback@mitre.org>, Eyal Paz <eyalp@checkpoint.com>, "cti@lists.oasis-open.org"
    <cti@lists.oasis-open.org>, "cti-users@lists.oasis-open.org"
    <cti-users@lists.oasis-open.org> Date:      
      03/15/2017 01:48 PM Subject:    
        Re: [cti-users]
    Re: Announcing python-stix2 Sent by:    
        <cti-users@lists.oasis-open.org> On 03/15/2017 09:22 AM, Back, Greg wrote: Hi Eyal,   MITRE isn’t working on anything, and I’m
    not personally aware of anyone else who is either. But if someone is, hopefully
    they’re on one of these lists and will respond.   Greg   Greg, all, I have followed the STIX development over the past couple of years, and
    even developed a Java library for STIX manipulation, see https://github.com/uw-dims/stix-java .
    That was when STIX 1.1 was current. I watched with some dismay as the XML schema way of doing things in STIX
    1.1 was dismantled in favor of JSON for STIX 2.  While XML schemas
    are complicated, they are very precise, and a document can be checked against
    a schema to assert its validity.  Further, the richness of tools for
    XML schemas, notably the JAXB/xjc tools for Java, gives developers a huge
    leg-up in implementing an API for STIX manipulation.  I just cranked
    the JAXB handle over the .xsd file set, and hey presto I had a set of Java
    classes with which to start my API.  Going out on a limb here, I also think that Java developers LIKE more discipline
    that Python developers.  Static typing vs duck typing?  The XML
    schema way of representing information is disciplined, and leads to fewer
    'You meant X? I thought you meant Y' gotchas at runtime. Extrapolating,
    I think the JSON way of data representation is less disciplined than the
    XML way, hence the natural inclination of Python developers to prefer JSON.
    Looking at the STIX 2 specs, I admire effort the authors must have put
    in.  But from a library builder's point of view, there being no machine-ingestable
    docs (ie the xsd files in STIX 1.1), I am back to square one (if I have
    missed any machine-readable docs, I apologize). So, in a nutshell, my own feeling is that there will be no Java-language
    STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong
    in this respect.  I do know that I won't add to my STIX 1.1 Java effort. Stuart



  • 14.  RE: [cti-users] Re: Announcing python-stix2

    Posted 03-16-2017 09:33
    Thanks guys, very helpful discussion.

    Cheers,
    Eyal.

    From: Jason Keirstead [mailto:Jason.Keirstead@ca.ibm.com]
    Sent: Wednesday, March 15, 2017 8:25 PM
    To: Stuart Maclean
    Cc: Back, Greg; Eyal Paz; cti@lists.oasis-open.org; cti-users@lists.oasis-open.org
    Subject: Re: [cti-users] Re: Announcing python-stix2

    I am not going to go down the "JSON vs XML" rabbit hole again as this was all decided 2 years ago, but I think it is definitely a stretch to say "there will be no Java-language STIX 2 manipulation tools".

    Myself, I actually do foresee fewer "bindings" made for STIX 2.0, simply because part of the benefit of the new STIX model using JSON, is you actually do not really need "bindings" to work with it in the majority of languages - it is just simple and easy for developers to program against without worrying about them - they're normally not needed. You can work with STIX in Java using GSON, JSONOrg, Jackson, without having any bindings at all....there are also libraries that will auto-generate bindings for you from the JSON schema, if you still want that.

    Because it is RESTful, you could actually likely implement a full-blown TAXII server without writing any code, simply JAX-RS using with STIX schema-generated Pojos...

    -
    Jason Keirstead
    STSM, Product Architect, Security Intelligence, IBM Security Systems
    www.ibm.com/security| www.securityintelligence.com

    Without data, all you are is just another person with an opinion - Unknown




    From: Stuart Maclean <stuart@apl.washington.edu<mailto:stuart@apl.washington.edu>>
    To: "Back, Greg" <gback@mitre.org<mailto:gback@mitre.org>>, Eyal Paz <eyalp@checkpoint.com<mailto:eyalp@checkpoint.com>>, "cti@lists.oasis-open.org<mailto:cti@lists.oasis-open.org>" <cti@lists.oasis-open.org<mailto:cti@lists.oasis-open.org>>, "cti-users@lists.oasis-open.org<mailto:cti-users@lists.oasis-open.org>" <cti-users@lists.oasis-open.org<mailto:cti-users@lists.oasis-open.org>>
    Date: 03/15/2017 01:48 PM
    Subject: Re: [cti-users] Re: Announcing python-stix2
    Sent by: <cti-users@lists.oasis-open.org<mailto:cti-users@lists.oasis-open.org>>
    ________________________________



    On 03/15/2017 09:22 AM, Back, Greg wrote:
    Hi Eyal,

    MITRE isn’t working on anything, and I’m not personally aware of anyone else who is either. But if someone is, hopefully they’re on one of these lists and will respond.

    Greg


    Greg, all,

    I have followed the STIX development over the past couple of years, and even developed a Java library for STIX manipulation, see https://github.com/uw-dims/stix-java. That was when STIX 1.1 was current.

    I watched with some dismay as the XML schema way of doing things in STIX 1.1 was dismantled in favor of JSON for STIX 2. While XML schemas are complicated, they are very precise, and a document can be checked against a schema to assert its validity. Further, the richness of tools for XML schemas, notably the JAXB/xjc tools for Java, gives developers a huge leg-up in implementing an API for STIX manipulation. I just cranked the JAXB handle over the .xsd file set, and hey presto I had a set of Java classes with which to start my API.

    Going out on a limb here, I also think that Java developers LIKE more discipline that Python developers. Static typing vs duck typing? The XML schema way of representing information is disciplined, and leads to fewer 'You meant X? I thought you meant Y' gotchas at runtime. Extrapolating, I think the JSON way of data representation is less disciplined than the XML way, hence the natural inclination of Python developers to prefer JSON.

    Looking at the STIX 2 specs, I admire effort the authors must have put in. But from a library builder's point of view, there being no machine-ingestable docs (ie the xsd files in STIX 1.1), I am back to square one (if I have missed any machine-readable docs, I apologize).

    So, in a nutshell, my own feeling is that there will be no Java-language STIX 2 manipulation tools, a sad fact, and I sincerely hope I am wrong in this respect. I do know that I won't add to my STIX 1.1 Java effort.

    Stuart