The International Security Community Should Embrace the STIX and TAXII Standards

September 20, 2013

We live in a capitalist society so I don't expect McAfee and Symantec to get together and divvy up the work anytime soon. This means that we'll have to live with redundancy, but the good news is that we can do something about consistency. To address this, the security community at large should embrace two standards coming from the U.S. Department of Homeland Security (DHS) and MITRE Corporation: Structured Threat Information Expression (STIX). As MITRE describes: "STIX is a collaborative community-driven effort to define and develop a standardized language to represent structured cyber threat information. The STIX Language intends to convey the full range of potential cyber threat information and strives to be fully expressive, flexible, extensible, automatable, and as human-readable as possible."

View on