Consider Refactoring Address Object Into Separate Objects

Question

Consider Refactoring Address Object Into Separate Objects

ikiril01 opened this issue 9 years ago · 1 comments

The existing Address Object in CybOX is very abstract, and supports the capture of a wide variety of network addresses (IPv4, IPv6, MAC, ATM, Email, etc.). This can cause ambiguity in address expression, such as an email address with an "address_type" value of "ipv4". Likewise, it means that fields in other CybOX Objects that make use of this Object are not constrained to a particular type of address, leading to issues of semantic accuracy (see below).

Related to #379.

Answer 1 · 2015-10-28T00:26:39.000Z

Ivan:

From the POV of an Analyst, this makes a lot of sense.

+1

Jane Ginn, MSIA, MRP
Cyber Threat Intelligence Network, Inc.
jg@ctin.us

-------- Original Message --------
From: Ivan Kirillov notifications@github.com
Sent: Monday, October 26, 2015 09:45 AM
To: CybOXProject/schemas schemas@noreply.github.com
Subject: [schemas] Consider Refactoring Address Object Into Separate Objects (#390)

The existing Address Object in CybOX is very abstract, and supports the capture of a wide variety of network addresses (IPv4, IPv6, MAC, ATM, Email, etc.). This can cause ambiguity in address expression, such as an email address with an "address_type" value of "ipv4". Likewise, it means that fields in other CybOX Objects that make use of this Object are not constrained to a particular type of address, leading to issues of semantic accuracy (see below).

Related #379.

Reply to this email directly or view it on GitHub:
#390