Clarification: “working on read access to start.” Apologies for the miscommunication.
Cheers, Alec -- Alec J. Summers Cyber Solutions Innovation Center Group Leader, Software Assurance Research & Practice Cyber Security Engineer, Lead O: (781) 271-6970 C: (781) 496-8426 –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World From: Alec J Summers <asumm...@mitre.org> Date: Tuesday, March 1, 2022 at 5:41 PM To: Seifried, Kurt <k...@seifried.org>, Adam Cron <adam.c...@synopsys.com> Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, Jason <ja...@tortugalogic.com> Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation Kurt, Thanks for your note. This was a question that Adam et al answered in the document I shared on 2/24. In short, the working group would start working towards a REST API to start. Best, Alec -- Alec J. Summers Cyber Solutions Innovation Center Group Leader, Software Assurance Research & Practice Cyber Security Engineer, Lead O: (781) 271-6970 C: (781) 496-8426 –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World From: Kurt Seifried <k...@seifried.org> Date: Tuesday, March 1, 2022 at 5:33 PM To: Adam Cron <adam.c...@synopsys.com> Cc: Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, Jason <ja...@tortugalogic.com> Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation Is this REST API read only, or also write to update CWEs, or? On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <adam.c...@synopsys.com<mailto:adam.c...@synopsys.com>> wrote: I have no objections. Enclosed is a strawman invitation. Please edit or comment as you see fit. Please don’t forward it out, yet. Best regards, Adam From: Alec J Summers <asumm...@mitre.org<mailto:asumm...@mitre.org>> Sent: Tuesday, March 1, 2022 9:45 AM To: CWE CAPEC Board <cwe-capec-board-list@mitre.org<mailto:cwe-capec-board-list@mitre.org>> Cc: Adam Cron <ac...@synopsys.com<mailto:ac...@synopsys.com>>; Hayashi, Kathy <kat...@qualcomm.com<mailto:kat...@qualcomm.com>>; Sherman, Brent <brent.m.sher...@intel.com<mailto:brent.m.sher...@intel.com>>; Oberg, Jason <ja...@tortugalogic.com<mailto:ja...@tortugalogic.com>> Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation Good morning, all. I wanted to follow up on this thread and see if there were any other questions or thoughts for the REST API Working Group proposal. If not, I wanted to ask if there were any objections to officially authorize this group to begin discussions and determine the path forward. Cheers, Alec -- Alec J. Summers Cyber Solutions Innovation Center Group Leader, Software Assurance Research & Practice Cyber Security Engineer, Lead O: (781) 271-6970 C: (781) 496-8426 –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World From: Jason Oberg <ja...@tortugalogic.com<mailto:ja...@tortugalogic.com>> Date: Friday, February 25, 2022 at 10:02 AM To: Sherman, Brent <brent.m.sher...@intel.com<mailto:brent.m.sher...@intel.com>> Cc: Alec J Summers <asumm...@mitre.org<mailto:asumm...@mitre.org>>, CWE CAPEC Board <cwe-capec-board-list@mitre.org<mailto:cwe-capec-board-list@mitre.org>>, Adam Cron <adam.c...@synopsys.com<mailto:adam.c...@synopsys.com>>, Hayashi, Kathy <kat...@qualcomm.com<mailto:kat...@qualcomm.com>> Subject: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation Hi Brent, Understood. I think it's reasonable that one goal of the working group should be to flesh these details out. I just worry this piece of it might be the long pole so it likely needs serious consideration early on so there is a foreseeable path forward. Regards, Jason On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <brent.m.sher...@intel.com<mailto:brent.m.sher...@intel.com>> wrote: hi jason, thank you for your support, greatly appreciated! I agree there needs to be a path towards implementation however I think this is something the wg needs to answer (adam, kathy – please correct me if I’m wrong). I think we (ipsa wg) know the answers to your questions however, maybe there is something we are not aware of which is why we want to form the wg. hopefully that makes sense. thanks brent From: Jason Oberg <ja...@tortugalogic.com<mailto:ja...@tortugalogic.com>> Sent: Thursday, February 24, 2022 2:11 PM To: Alec J Summers <asumm...@mitre.org<mailto:asumm...@mitre.org>> Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org<mailto:cwe-capec-board-list@mitre.org>>; Adam Cron <adam.c...@synopsys.com<mailto:adam.c...@synopsys.com>>; Sherman, Brent M <brent.m.sher...@intel.com<mailto:brent.m.sher...@intel.com>>; Hayashi, Kathy <kat...@qualcomm.com<mailto:kat...@qualcomm.com>> Subject: Re: CWE/CAPEC Rest API Working Group Documentation Adam, Kathy, Brent, Thank you for taking on this important initiative. I'm fully supportive and it is very much needed. While defining the API is the first step, I'm wondering what the path is to actually implement it. Specifically: * Can the existing CWE data model support APIs that are RESTful? * Who will execute on the API endpoint development work? Will MITRE or another party? These may be questions for MITRE, but I think it's important to have a path towards implementation while the APIs are defined. We surely all agree that defining an API that never gets built is not good for anyone. Regards, Jason On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <asumm...@mitre.org<mailto:asumm...@mitre.org>> wrote: Dear Board members, Good afternoon! During our last meeting, we spoke about the request from community stakeholders to establish a working group to build a REST API for the CWE/CAPEC program. The Board had several questions regarding the intention, technical specifications, target audience, and milestones associated with the request. Recall that the Board charter differentiates a working group from a special interest group in that it is not intended to operate on an open-ended timeline and is meant to achieve a particular outcome. I have attached a document of answers to Board’s questions from the Accellera Systems Initiative IPSA working group members – the group responsible for the initial request for a CWE REST API working group. I have also cced the proposed chair of the working group, Adam Cron (Synopsys), as well as two other members Brent Sherman (Intel) and Kathy Hayashi (Qualcomm) so they may provide clarifications or reply to any additional questions directly in this thread. Cheers, Alec -- Alec J. Summers Cyber Solutions Innovation Center Group Leader, Software Assurance Research & Practice Cyber Security Engineer, Lead O: (781) 271-6970 C: (781) 496-8426 –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World -- Error! Filename not specified. Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 Tortuga Logic<https://urldefense.com/v3/__http:/www.tortugalogic.com/__;!!A4F2R9G_pg!KhP1Tp0dIAuQOQwjf78PecF8WBfuwNa4sP9WLK03IjU7Hr9AnrUoeHynYR0srqW5IQ$> | 75 E Santa Clara Street, San Jose, CA 95113 NOTICE TO RECIPIENT | This email and any attachments may contain private, confidential and privileged material for the sole use of the intended recipient. If you are not the intended recipient, please immediately notify the sender of the error by return email and delete this email and any attachments. -- Error! Filename not specified. Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 Tortuga Logic<https://urldefense.com/v3/__http:/www.tortugalogic.com/__;!!A4F2R9G_pg!KhP1Tp0dIAuQOQwjf78PecF8WBfuwNa4sP9WLK03IjU7Hr9AnrUoeHynYR0srqW5IQ$> | 75 E Santa Clara Street, San Jose, CA 95113 NOTICE TO RECIPIENT | This email and any attachments may contain private, confidential and privileged material for the sole use of the intended recipient. If you are not the intended recipient, please immediately notify the sender of the error by return email and delete this email and any attachments. -- Kurt Seifried (He/Him) k...@seifried.org<mailto:k...@seifried.org>
