Open sparrell opened 7 years ago
Agree with the change, I do not have a strong preference, but suggest application
No strong preference among software, program, application or module. Program, application and module are countable units, as opposed to software which is an uncountable substance. Given that a module is subset of a program or application, it does seem to be most appropriate in the context of software, but it could also be used in a hardware context. For that reason I lean slightly toward program or application.
We have two 'votes' (albeit not strong preferences) for application. Let's leave this open for a couple more days and if no chatter, then close.
This isn't necessarily a vote, but the software shows up in the current STIX Cyber Observables, and application currently does not.
I don't know if Stix discussed. If they did someone please recap. Stix is broader than openc2 since they can report on CVE and source code and broader software issues. If you are commanding "something" you need more specific so I think software is too amorphous.
iPhone, iTypo, iApologize
On Thu, Feb 2, 2017 at 10:53 AM -0500, "Jason Romano" notifications@github.com wrote:
This isn't necessarily a vote, but the software shows up in the current STIX Cyber Observables, and application currently does not.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.
PROBLEM
Current LDD has a target openc2:software. I propose software is not correct term for what would be targeted by openc2. Recall openc2's definition of target is 'target' of the action. For example the command 'deny' has a target IP. In one sense 'software' is too broad a term (eg Source code, Documentation, data). In another sense, it's too narrow (eg vs firmware). This is a case where stix may be broader than openc2 because they can have indicators on source code, documentation, and people whereas openc2 would not be automagically updating those at machine speed.
ISO/IEC 24765:2009 defines software as:
POTENTIAL SOLUTION
Replace with openc2:application or openc2:module
I personally think application would be appropriate but it could be pointed out that operating system software would be out of scope (personally I consider OS another application but I may be unique).
Program ("A combination of computer instructions and data definitions that enable computer hardware to perform computational or control functions" according to IEEE) is probably pendantly correct but it is too overloaded in my opinion.
Module is probably the most pendantly accurate word. IEEE Std 1633-2008 (Software Reliability) defines Module as: