[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [cti-stix] Two Minor 2.1 STIX Proposals
I would like to submit the following two minor proposals for 2.1...
- The addition of a "software_ref" property to the "Process" cyber observable object. This would allow one to encode what piece of software a given process is for (which you can then tie to CPE and do many things with)
- A defined relationship type of "vulnerable_to" to be added from observed_data to vulnerability. This would allow you to say that a given process, system, or software was vulnerable to a certain vulnerability.
-
Jason Keirstead
Lead Architect - IBM.Security
www.ibm.com/security
"Things may come to those who wait, but only the things left by those who hustle." - Unknown
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]