wendellpiez
commented
2 years ago Actually, challenge here would be to make it sufficiently lossy (not reversible) while still meeting the need. Interesting problem.
Open wendellpiez opened 2 years ago
wendellpiez
commented
2 years ago Actually, challenge here would be to make it sufficiently lossy (not reversible) while still meeting the need. Interesting problem.
aj-stein-nist
commented
2 years ago As an OSCAL user, I might find it difficult to make bug reports on OSCAL data because I can't share the data. How can I show the bug?
A little OSCAL data-obfuscator demo that rewrote OSCAL fragments (even invalid) into a 'blind' variant, with local save, could be helpful in this regard.
This could potentially be done in XSLT 1.0, assuming the right specs (around complications such as UUIDs etc).
I personally love this idea! This is actually the impetus behind doing the leg work in usnistgov/OSCAL#1119 to pave the way for such a tool: to facilitate the sharing of debugging data and general information sharing in the long-term! The requirements work around this, after threat modeling, is to know which fields should be "redacted" and which others should not, and in combination with one another as "sensitive information" (Controlled Unclassified Information or a more objective interpretation of sensitive) to build criteria for such tools.
I love this idea, and I will send you an email with internal memos from other information security colleagues about the context around this, and why such a tool would be wonderfully important.
As an OSCAL user, I might find it difficult to make bug reports on OSCAL data because I can't share the data. How can I show the bug?
A little OSCAL data-obfuscator demo that rewrote OSCAL fragments (even invalid) into a 'blind' variant, with local save, could be helpful in this regard.
This could potentially be done in XSLT 1.0, assuming the right specs (around complications such as UUIDs etc).