kf0jvt
commented
10 years ago This sounds like a lot of work, and we've already made big changes to the schema for v1.3. Do we need to do this in 1.3 or can we put it off for a future revision?
Closed krmaxwell closed 8 years ago
kf0jvt
commented
10 years ago This sounds like a lot of work, and we've already made big changes to the schema for v1.3. Do we need to do this in 1.3 or can we put it off for a future revision?
krmaxwell
commented
10 years ago Future revision makes sense, yeah.
whbaker
commented
10 years ago I agree with future revision. I propose we close this out (or associate with a "nextRev" milestone), and make a new issue calling for feedback on how the VERIS user community wants to handle this. There is a mapping between CAPEC and WASC, but accepting either of those would be ok too. Perhaps we simply have action.hacking.variety_wasc and action.hacking.variety_capec. CAPECs could be an integer, and have no need for creating and maintaining an enum.
krmaxwell
commented
10 years ago I have added this to a nextRev milestone (whether that ends up being 1.4 or 2.0 or :banana: or something else) and we can revisit as a community in the future.
gdbassett
commented
8 years ago Overcome by events. We have a history of enumerations, mainly based on ones we've found we needed to code. We want to try and align veris enumerations to other schemas wherever possible, but what we have currently works.
From veriscommunity.net:
I agree that we should consider importing the CAPEC dictionary for use here. It allows for better alignment with the STIX/TAXII stack and is far more comprehensive, at the cost of a much larger set here (perhaps we could avoid some child nodes below a certain depth).
Alternately, it might be worth mapping our (and WASC's) enumerations to that standard.