Maybe this question was already answered but I can't find it: what's the backend data source? E.g. will the REST API simply provide an interface to the XML download, and then that XML gets updated as MITRE releases new versions? I assume the "source of truth" is still on an internal MITRE system, if so how does that data get to the rest API (do we need an API for that ;).
On Fri, Mar 4, 2022 at 12:31 PM Alec J Summers <asumm...@mitre.org> wrote: > Good afternoon, all! > > > > I wanted to clarify one point with respect to the API WG. The group is > open to all community members with interest in participating, and the > deliberations, work, decisions, etc. will be public. While elements of the > CWE/CAPEC sites’ backend infrastructure are not currently open-source, the > REST API itself will be, as well as any reference implementations that the > WG chooses to develop. Most of the REST API development will take place > outside of the MITRE team and so the code will be open source and > integrated with the closed source CWE/CAPEC backend infrastructure. > > > > It is conceivable that all CWE/CAPEC code could one day be open-source, > but that is not the case right now. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > *From: *Alec J Summers <asumm...@mitre.org> > *Date: *Tuesday, March 1, 2022 at 6:15 PM > *To: *Seifried, Kurt <k...@seifried.org>, Adam Cron < > adam.c...@synopsys.com> > *Cc: *CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy < > kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, > Jason <ja...@tortugalogic.com> > *Subject: *Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > Clarification: “working on read access to start.” > > > > Apologies for the miscommunication. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > *From: *Alec J Summers <asumm...@mitre.org> > *Date: *Tuesday, March 1, 2022 at 5:41 PM > *To: *Seifried, Kurt <k...@seifried.org>, Adam Cron < > adam.c...@synopsys.com> > *Cc: *CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy < > kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, > Jason <ja...@tortugalogic.com> > *Subject: *Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > Kurt, > > > > Thanks for your note. This was a question that Adam et al answered in the > document I shared on 2/24. In short, the working group would start working > towards a REST API to start. > > > > Best, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > *From: *Kurt Seifried <k...@seifried.org> > *Date: *Tuesday, March 1, 2022 at 5:33 PM > *To: *Adam Cron <adam.c...@synopsys.com> > *Cc: *Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board < > cwe-capec-board-list@mitre.org>, Hayashi, Kathy <kat...@qualcomm.com>, > Sherman, Brent <brent.m.sher...@intel.com>, Oberg, Jason < > ja...@tortugalogic.com> > *Subject: *Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > Is this REST API read only, or also write to update CWEs, or? > > > > On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <adam.c...@synopsys.com> wrote: > > I have no objections. Enclosed is a strawman invitation. Please edit or > comment as you see fit. Please don’t forward it out, yet. > > > > Best regards, > > > > Adam > > > > *From:* Alec J Summers <asumm...@mitre.org> > *Sent:* Tuesday, March 1, 2022 9:45 AM > *To:* CWE CAPEC Board <cwe-capec-board-list@mitre.org> > *Cc:* Adam Cron <ac...@synopsys.com>; Hayashi, Kathy <kat...@qualcomm.com>; > Sherman, Brent <brent.m.sher...@intel.com>; Oberg, Jason < > ja...@tortugalogic.com> > *Subject:* Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > > > Good morning, all. > > > > I wanted to follow up on this thread and see if there were any other > questions or thoughts for the REST API Working Group proposal. > > > > If not, I wanted to ask if there were any objections to officially > authorize this group to begin discussions and determine the path forward. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > *From: *Jason Oberg <ja...@tortugalogic.com> > *Date: *Friday, February 25, 2022 at 10:02 AM > *To: *Sherman, Brent <brent.m.sher...@intel.com> > *Cc: *Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board < > cwe-capec-board-list@mitre.org>, Adam Cron <adam.c...@synopsys.com>, > Hayashi, Kathy <kat...@qualcomm.com> > *Subject: *[EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > Hi Brent, > > > > Understood. I think it's reasonable that one goal of the working group > should be to flesh these details out. I just worry this piece of it might > be the long pole so it likely needs serious consideration early on so there > is a foreseeable path forward. > > > > Regards, > > Jason > > > > > > On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M < > brent.m.sher...@intel.com> wrote: > > hi jason, > > thank you for your support, greatly appreciated! > > I agree there needs to be a path towards implementation however I think > this is something the wg needs to answer (adam, kathy – please correct me > if I’m wrong). > > I think we (ipsa wg) know the answers to your questions however, maybe > there is something we are not aware of which is why we want to form the wg. > > hopefully that makes sense. > > > > thanks > > brent > > > > > > *From:* Jason Oberg <ja...@tortugalogic.com> > *Sent:* Thursday, February 24, 2022 2:11 PM > *To:* Alec J Summers <asumm...@mitre.org> > *Cc:* CWE CAPEC Board <cwe-capec-board-list@mitre.org>; Adam Cron < > adam.c...@synopsys.com>; Sherman, Brent M <brent.m.sher...@intel.com>; > Hayashi, Kathy <kat...@qualcomm.com> > *Subject:* Re: CWE/CAPEC Rest API Working Group Documentation > > > > Adam, Kathy, Brent, > > > > Thank you for taking on this important initiative. I'm fully supportive > and it is very much needed. > > > > While defining the API is the first step, I'm wondering what the path is > to actually implement it. Specifically: > > - Can the existing CWE data model support APIs that are RESTful? > - Who will execute on the API endpoint development work? Will MITRE or > another party? > > These may be questions for MITRE, but I think it's important to have a > path towards implementation while the APIs are defined. We surely all agree > that defining an API that never gets built is not good for anyone. > > > > Regards, > Jason > > > > > > On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <asumm...@mitre.org> wrote: > > Dear Board members, > > > > Good afternoon! > > > > During our last meeting, we spoke about the request from community > stakeholders to establish a working group to build a REST API for the > CWE/CAPEC program. The Board had several questions regarding the intention, > technical specifications, target audience, and milestones associated with > the request. Recall that the Board charter differentiates a working group > from a special interest group in that it is not intended to operate on an > open-ended timeline and is meant to achieve a particular outcome. > > > > I have attached a document of answers to Board’s questions from the > Accellera Systems Initiative IPSA working group members – the group > responsible for the initial request for a CWE REST API working group. I > have also cced the proposed chair of the working group, Adam Cron > (Synopsys), as well as two other members Brent Sherman (Intel) and Kathy > Hayashi (Qualcomm) so they may provide clarifications or reply to any > additional questions directly in this thread. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > > -- > > *Error! Filename not specified.* > > Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 > > Tortuga Logic > <https://urldefense.com/v3/__http:/www.tortugalogic.com/__;!!A4F2R9G_pg!KhP1Tp0dIAuQOQwjf78PecF8WBfuwNa4sP9WLK03IjU7Hr9AnrUoeHynYR0srqW5IQ$> > | 75 E Santa Clara Street, San Jose, CA 95113 > > > > NOTICE TO RECIPIENT | This email and any attachments may contain private, > confidential and privileged material for the sole use of the intended > recipient. If you are not the intended recipient, please immediately notify > the sender of the error by return email and delete this email and any > attachments. > > > > > -- > > *Error! Filename not specified.* > > Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 > > Tortuga Logic > <https://urldefense.com/v3/__http:/www.tortugalogic.com/__;!!A4F2R9G_pg!KhP1Tp0dIAuQOQwjf78PecF8WBfuwNa4sP9WLK03IjU7Hr9AnrUoeHynYR0srqW5IQ$> > | 75 E Santa Clara Street, San Jose, CA 95113 > > > > NOTICE TO RECIPIENT | This email and any attachments may contain private, > confidential and privileged material for the sole use of the intended > recipient. If you are not the intended recipient, please immediately notify > the sender of the error by return email and delete this email and any > attachments. > > > > > -- > > Kurt Seifried (He/Him) > k...@seifried.org > -- Kurt Seifried (He/Him) k...@seifried.org
