OASIS and FIRST are hosting a two-day conference on December 6-8 in Prague. The aim is to provide guidance and help organisations identify and avoid pitfalls in threat intelligence. The conference is thus bringing together communities from both OASIS Borderless Cyber and FIRST Technical Symposium.
CIRCL and the MISP Project are involved in these two organisations and strongly believe in diversity within the world of standardisation
On December 7th at 11am, Alexandre Dulaunoy and Andras Iklody, Security Researchers at CIRCL, will show how to organically build a Threat Intel Sharing Standard by describing the journey, challenges and mistakes the MISP Project made while designing the MISP standard as we know it today.
“Designing a successful standard for threat intel sharing is a daunting task, with a host of possible pitfalls. There are several paths that can lead to a well-defined standard: early and prolonged requirement gathering versus starting small with rapid iterations, democratic and centralised driving forces, inclusive and exclusive ideologies. Our weapon of choice was an implementation driven, rapid iterative and real-world usage centric approach using the PMF methodology, which allowed us to experiment and fail often but also be aware of our failures before they became un-revocable disasters”, explain the two researchers.
During this session, they will compare and contrast the various methodologies and what lessons they have learned from the journey. An important point to already outline is that MISP can integrate and support different standards. This has been and is always a key component of the MISP development.
More information about the MISP Project: http://www.misp-project.org
About CIRCL: https://www.circl.lu
About the conference: https://eu17.first-oasis-conference.org/en/