RE: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-04 Thread Adam Cron
My hope is that the REST API accesses the native database, and not a COPY of 
the database. Folks around the world are making “copies”, now, and the REST API 
is really meant to solve THAT particular problem (as well as many others).

That being said, I really don’t know what is “behind” the web site I am 
clicking on, now, to show me the CWE information. So, someone inside MITRE 
might have a better answer.

From: Kurt Seifried
Sent: Friday, March 4, 2022 2:55 PM
To: Alec J Summers
Cc: Adam Cron; CWE CAPEC Board; Hayashi, Kathy; Sherman, Brent; Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

Maybe this question was already answered but I can't find it: what's the 
backend data source? E.g. will the REST API simply provide an interface to the 
XML download, and then that XML gets updated as MITRE releases new versions? I 
assume the "source of truth" is still on an internal MITRE system, if so how 
does that data get to the rest API (do we need an API for that ;).

On Fri, Mar 4, 2022 at 12:31 PM Alec J Summers <asumm...@mitre.org> wrote:
Good afternoon, all!

I wanted to clarify one point with respect to the API WG. The group is open to 
all community members with interest in participating, and the deliberations, 
work, decisions, etc. will be public. While elements of the CWE/CAPEC sites’ 
backend infrastructure are not currently open-source, the REST API itself will 
be, as well as any reference implementations that the WG chooses to develop. 
Most of the REST API development will take place outside of the MITRE team and 
so the code will be open source and integrated with the closed source CWE/CAPEC 
backend infrastructure.

It is conceivable that all CWE/CAPEC code could one day be open-source, but 
that is not the case right now.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Alec J Summers <asumm...@mitre.org>
Date: Tuesday, March 1, 2022 at 6:15 PM
To: Seifried, Kurt <k...@seifried.org>, Adam Cron <adam.c...@synopsys.com>
Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, Jason <ja...@tortugalogic.com>
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Clarification: “working on read access to start.”

Apologies for the miscommunication.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Alec J Summers <asumm...@mitre.org>
Date: Tuesday, March 1, 2022 at 5:41 PM
To: Seifried, Kurt <k...@seifried.org>, Adam Cron <adam.c...@synopsys.com>
Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, Jason <ja...@tortugalogic.com>
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Kurt,

Thanks for your note. This was a question that Adam et al answered in the 
document I shared on 2/24. In short, the working group would start working 
towards a REST API to start.

Best,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Kurt Seifried <k...@seifried.org>
Date: Tuesday, March 1, 2022 at 5:33 PM
To: Adam Cron <adam.c...@synopsys.com>
Cc: Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent <brent.m.sher...@intel.com>, Oberg, Jason <ja...@tortugalogic.com>
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Is this REST API read only, or also write to update CWEs, or?

On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <adam.c...@synopsys.com> wrote:
I have no objections. Enclosed is a strawman invitation. Please edit or comment 
as you see fit. Please don’t forward it out, yet.

Best regards,

Adam

From: Alec J Summers <asumm...@mitre.org>
Sent: Tuesday, March 1, 2022 9:45 AM
To: CWE CAPEC Board <cwe-capec-board-list@mitre.org>
Cc: Adam Cron <ac...@synopsys.com>; Hayashi, Kathy <kat...@qualcomm.com>; Sherman, Bren

Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-04 Thread Kurt Seifried
Maybe this question was already answered but I can't find it: what's the
backend data source? E.g. will the REST API simply provide an interface to
the XML download, and then that XML gets updated as MITRE releases new
versions? I assume the "source of truth" is still on an internal MITRE
system, if so how does that data get to the rest API (do we need an API for
that ;).

On Fri, Mar 4, 2022 at 12:31 PM Alec J Summers  wrote:

> Good afternoon, all!
>
>
>
> I wanted to clarify one point with respect to the API WG. The group is
> open to all community members with interest in participating, and the
> deliberations, work, decisions, etc. will be public. While elements of the
> CWE/CAPEC sites’ backend infrastructure are not currently open-source, the
> REST API itself will be, as well as any reference implementations that the
> WG chooses to develop. Most of the REST API development will take place
> outside of the MITRE team and so the code will be open source and
> integrated with the closed source CWE/CAPEC backend infrastructure.
>
>
>
> It is conceivable that all CWE/CAPEC code could one day be open-source,
> but that is not the case right now.
>
>
>
> Cheers,
>
> Alec
>
>
>
> --
>
> *Alec J. Summers*
>
> Cyber Solutions Innovation Center
>
> Group Leader, Software Assurance Research & Practice
>
> Cyber Security Engineer, Lead
>
> O: (781) 271-6970
>
> C: (781) 496-8426
>
>
> *MITRE - Solving Problems for a Safer World*
>
>
>
>
>
> *From: *Alec J Summers 
> *Date: *Tuesday, March 1, 2022 at 6:15 PM
> *To: *Seifried, Kurt, Adam Cron <adam.c...@synopsys.com>
> *Cc: *CWE CAPEC Board, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent, Oberg, Jason
> *Subject: *Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
>
> Clarification: “working on read access to start.”
>
>
>
> Apologies for the miscommunication.
>
>
>
> Cheers,
>
> Alec
>
>
>
> --
>
> *Alec J. Summers*
>
> Cyber Solutions Innovation Center
>
> Group Leader, Software Assurance Research & Practice
>
> Cyber Security Engineer, Lead
>
> O: (781) 271-6970
>
> C: (781) 496-8426
>
>
> *MITRE - Solving Problems for a Safer World*
>
>
>
>
>
> *From: *Alec J Summers 
> *Date: *Tuesday, March 1, 2022 at 5:41 PM
> *To: *Seifried, Kurt, Adam Cron <adam.c...@synopsys.com>
> *Cc: *CWE CAPEC Board, Hayashi, Kathy <kat...@qualcomm.com>, Sherman, Brent, Oberg, Jason
> *Subject: *Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
>
> Kurt,
>
>
>
> Thanks for your note. This was a question that Adam et al answered in the
> document I shared on 2/24. In short, the working group would start working
> towards a REST API to start.
>
>
>
> Best,
>
> Alec
>
>
>
> --
>
> *Alec J. Summers*
>
> Cyber Solutions Innovation Center
>
> Group Leader, Software Assurance Research & Practice
>
> Cyber Security Engineer, Lead
>
> O: (781) 271-6970
>
> C: (781) 496-8426
>
>
> *MITRE - Solving Problems for a Safer World*
>
>
>
>
>
> *From: *Kurt Seifried 
> *Date: *Tuesday, March 1, 2022 at 5:33 PM
> *To: *Adam Cron 
> *Cc: *Alec J Summers, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Hayashi, Kathy, Sherman, Brent, Oberg, Jason <ja...@tortugalogic.com>
> *Subject: *Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
>
> Is this REST API read only, or also write to update CWEs, or?
>
>
>
> On Tue, Mar 1, 2022 at 9:23 AM Adam Cron  wrote:
>
> I have no objections. Enclosed is a strawman invitation. Please edit or
> comment as you see fit. Please don’t forward it out, yet.
>
>
>
> Best regards,
>
>
>
> Adam
>
>
>
> *From:* Alec J Summers 
> *Sent:* Tuesday, March 1, 2022 9:45 AM
> *To:* CWE CAPEC Board 
> *Cc:* Adam Cron; Hayashi, Kathy; Sherman, Brent; Oberg, Jason <ja...@tortugalogic.com>
> *Subject:* Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
>
>
>
> Good morning, all.
>
>
>
> I wanted to follow up on this thread and see if there were any other
> questions or thoughts for the REST API Working Group proposal.
>
>
>
> If not, I wanted to ask if there were any objections to officially
> authorize this group to begin discussions and determine the path forward.
>
>
>
> Cheers,
>
> Alec
>
>
>
> --
>
> *Alec J. Sum

Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-04 Thread Alec J Summers
Good afternoon, all!

I wanted to clarify one point with respect to the API WG. The group is open to 
all community members with interest in participating, and the deliberations, 
work, decisions, etc. will be public. While elements of the CWE/CAPEC sites’ 
backend infrastructure are not currently open-source, the REST API itself will 
be, as well as any reference implementations that the WG chooses to develop. 
Most of the REST API development will take place outside of the MITRE team and 
so the code will be open source and integrated with the closed source CWE/CAPEC 
backend infrastructure.

It is conceivable that all CWE/CAPEC code could one day be open-source, but 
that is not the case right now.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Alec J Summers
Date: Tuesday, March 1, 2022 at 6:15 PM
To: Seifried, Kurt, Adam Cron
Cc: CWE CAPEC Board, Hayashi, Kathy, Sherman, Brent, Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Clarification: “working on read access to start.”

Apologies for the miscommunication.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Alec J Summers
Date: Tuesday, March 1, 2022 at 5:41 PM
To: Seifried, Kurt, Adam Cron
Cc: CWE CAPEC Board, Hayashi, Kathy, Sherman, Brent, Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Kurt,

Thanks for your note. This was a question that Adam et al answered in the 
document I shared on 2/24. In short, the working group would start working 
towards a REST API to start.

Best,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Kurt Seifried
Date: Tuesday, March 1, 2022 at 5:33 PM
To: Adam Cron
Cc: Alec J Summers, CWE CAPEC Board, Hayashi, Kathy, Sherman, Brent, Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Is this REST API read only, or also write to update CWEs, or?

On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <adam.c...@synopsys.com> wrote:
I have no objections. Enclosed is a strawman invitation. Please edit or comment 
as you see fit. Please don’t forward it out, yet.

Best regards,

Adam

From: Alec J Summers <asumm...@mitre.org>
Sent: Tuesday, March 1, 2022 9:45 AM
To: CWE CAPEC Board <cwe-capec-board-list@mitre.org>
Cc: Adam Cron <ac...@synopsys.com>; Hayashi, Kathy <kat...@qualcomm.com>; Sherman, Brent <brent.m.sher...@intel.com>; Oberg, Jason <ja...@tortugalogic.com>
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

Good morning, all.

I wanted to follow up on this thread and see if there were any other questions 
or thoughts for the REST API Working Group proposal.

If not, I wanted to ask if there were any objections to officially authorize 
this group to begin discussions and determine the path forward.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Jason Oberg <ja...@tortugalogic.com>
Date: Friday, February 25, 2022 at 10:02 AM
To: Sherman, Brent <brent.m.sher...@intel.com>
Cc: Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Adam Cron <adam.c...@synopsys.com>, Hayashi, Kathy <kat...@qualcomm.com>
Subject: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Hi Brent,

Understood. I think it's reasonable that one goal of the working group should 
be to flesh these details out. I just worry this piece of it might be the long 
pole so it likely needs serious consideration early on so there is a 
foreseeable path forward.

Regards,
Jason


On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <brent.m.sher...@intel.com> wrote:
hi jason,
thank you for your support, greatly appreciated!
I agree there needs to be a path towards implementation however I think this is 
something the wg needs to answer (adam, kathy – please correct me if I’m wrong).
I think we (ipsa wg) know the answers to your questions however, maybe there is 
something we are not aware of which is

Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-01 Thread Alec J Summers
Clarification: “working on read access to start.”

Apologies for the miscommunication.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Alec J Summers
Date: Tuesday, March 1, 2022 at 5:41 PM
To: Seifried, Kurt, Adam Cron
Cc: CWE CAPEC Board, Hayashi, Kathy, Sherman, Brent, Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Kurt,

Thanks for your note. This was a question that Adam et al answered in the 
document I shared on 2/24. In short, the working group would start working 
towards a REST API to start.

Best,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Kurt Seifried
Date: Tuesday, March 1, 2022 at 5:33 PM
To: Adam Cron
Cc: Alec J Summers, CWE CAPEC Board, Hayashi, Kathy, Sherman, Brent, Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Is this REST API read only, or also write to update CWEs, or?

On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <adam.c...@synopsys.com> wrote:
I have no objections. Enclosed is a strawman invitation. Please edit or comment 
as you see fit. Please don’t forward it out, yet.

Best regards,

Adam

From: Alec J Summers <asumm...@mitre.org>
Sent: Tuesday, March 1, 2022 9:45 AM
To: CWE CAPEC Board <cwe-capec-board-list@mitre.org>
Cc: Adam Cron <ac...@synopsys.com>; Hayashi, Kathy <kat...@qualcomm.com>; Sherman, Brent <brent.m.sher...@intel.com>; Oberg, Jason <ja...@tortugalogic.com>
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

Good morning, all.

I wanted to follow up on this thread and see if there were any other questions 
or thoughts for the REST API Working Group proposal.

If not, I wanted to ask if there were any objections to officially authorize 
this group to begin discussions and determine the path forward.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Jason Oberg <ja...@tortugalogic.com>
Date: Friday, February 25, 2022 at 10:02 AM
To: Sherman, Brent <brent.m.sher...@intel.com>
Cc: Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Adam Cron <adam.c...@synopsys.com>, Hayashi, Kathy <kat...@qualcomm.com>
Subject: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Hi Brent,

Understood. I think it's reasonable that one goal of the working group should 
be to flesh these details out. I just worry this piece of it might be the long 
pole so it likely needs serious consideration early on so there is a 
foreseeable path forward.

Regards,
Jason


On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <brent.m.sher...@intel.com> wrote:
hi jason,
thank you for your support, greatly appreciated!
I agree there needs to be a path towards implementation however I think this is 
something the wg needs to answer (adam, kathy – please correct me if I’m wrong).
I think we (ipsa wg) know the answers to your questions however, maybe there is 
something we are not aware of which is why we want to form the wg.
hopefully that makes sense.

thanks
brent


From: Jason Oberg <ja...@tortugalogic.com>
Sent: Thursday, February 24, 2022 2:11 PM
To: Alec J Summers <asumm...@mitre.org>
Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>; Adam Cron <adam.c...@synopsys.com>; Sherman, Brent M <brent.m.sher...@intel.com>; Hayashi, Kathy <kat...@qualcomm.com>
Subject: Re: CWE/CAPEC Rest API Working Group Documentation

Adam, Kathy, Brent,

Thank you for taking on this important initiative. I'm fully supportive and it 
is very much needed.

While defining the API is the first step, I'm wondering what the path is to 
actually implement it. Specifically:

  *   Can the existing CWE data model support APIs that are RESTful?
  *   Who will execute on the API endpoint development work? Will MITRE or
      another party?

These may be questions for MITRE, but I think it's important to have a path 
towards implementation while the APIs are defined. We surely all agree that 
defining an API that never gets built is not good for anyone.

Regards,
Jason


On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <asumm...@mitre.org>

Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-01 Thread Alec J Summers
Kurt,

Thanks for your note. This was a question that Adam et al answered in the 
document I shared on 2/24. In short, the working group would start working 
towards a REST API to start.

Best,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Kurt Seifried
Date: Tuesday, March 1, 2022 at 5:33 PM
To: Adam Cron
Cc: Alec J Summers, CWE CAPEC Board, Hayashi, Kathy, Sherman, Brent, Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Is this REST API read only, or also write to update CWEs, or?

On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <adam.c...@synopsys.com> wrote:
I have no objections. Enclosed is a strawman invitation. Please edit or comment 
as you see fit. Please don’t forward it out, yet.

Best regards,

Adam

From: Alec J Summers <asumm...@mitre.org>
Sent: Tuesday, March 1, 2022 9:45 AM
To: CWE CAPEC Board <cwe-capec-board-list@mitre.org>
Cc: Adam Cron <ac...@synopsys.com>; Hayashi, Kathy <kat...@qualcomm.com>; Sherman, Brent <brent.m.sher...@intel.com>; Oberg, Jason <ja...@tortugalogic.com>
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

Good morning, all.

I wanted to follow up on this thread and see if there were any other questions 
or thoughts for the REST API Working Group proposal.

If not, I wanted to ask if there were any objections to officially authorize 
this group to begin discussions and determine the path forward.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Jason Oberg <ja...@tortugalogic.com>
Date: Friday, February 25, 2022 at 10:02 AM
To: Sherman, Brent <brent.m.sher...@intel.com>
Cc: Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Adam Cron <adam.c...@synopsys.com>, Hayashi, Kathy <kat...@qualcomm.com>
Subject: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Hi Brent,

Understood. I think it's reasonable that one goal of the working group should 
be to flesh these details out. I just worry this piece of it might be the long 
pole so it likely needs serious consideration early on so there is a 
foreseeable path forward.

Regards,
Jason


On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <brent.m.sher...@intel.com> wrote:
hi jason,
thank you for your support, greatly appreciated!
I agree there needs to be a path towards implementation however I think this is 
something the wg needs to answer (adam, kathy – please correct me if I’m wrong).
I think we (ipsa wg) know the answers to your questions however, maybe there is 
something we are not aware of which is why we want to form the wg.
hopefully that makes sense.

thanks
brent


From: Jason Oberg <ja...@tortugalogic.com>
Sent: Thursday, February 24, 2022 2:11 PM
To: Alec J Summers <asumm...@mitre.org>
Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>; Adam Cron <adam.c...@synopsys.com>; Sherman, Brent M <brent.m.sher...@intel.com>; Hayashi, Kathy <kat...@qualcomm.com>
Subject: Re: CWE/CAPEC Rest API Working Group Documentation

Adam, Kathy, Brent,

Thank you for taking on this important initiative. I'm fully supportive and it 
is very much needed.

While defining the API is the first step, I'm wondering what the path is to 
actually implement it. Specifically:

  *   Can the existing CWE data model support APIs that are RESTful?
  *   Who will execute on the API endpoint development work? Will MITRE or
      another party?

These may be questions for MITRE, but I think it's important to have a path 
towards implementation while the APIs are defined. We surely all agree that 
defining an API that never gets built is not good for anyone.

Regards,
Jason


On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <asumm...@mitre.org> wrote:
Dear Board members,

Good afternoon!

During our last meeting, we spoke about the request from community stakeholders 
to establish a working group to build a REST API for the CWE/CAPEC program. The 
Board had several questions regarding the intention, technical specifications, 
target audience, and milestones associated with the request. Recall that the 
Board charter differentiates a working group from a special interest group in 
that it is not intended to operate on an open-ended timeline and is meant to 
achieve a particular outcome.

I have attached a document of answers t

Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-01 Thread Kurt Seifried
Is this REST API read only, or also write to update CWEs, or?

On Tue, Mar 1, 2022 at 9:23 AM Adam Cron  wrote:

> I have no objections. Enclosed is a strawman invitation. Please edit or
> comment as you see fit. Please don’t forward it out, yet.
>
>
>
> Best regards,
>
>
>
> Adam
>
>
>
> *From:* Alec J Summers 
> *Sent:* Tuesday, March 1, 2022 9:45 AM
> *To:* CWE CAPEC Board 
> *Cc:* Adam Cron; Hayashi, Kathy; Sherman, Brent; Oberg, Jason <ja...@tortugalogic.com>
> *Subject:* Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
>
>
>
> Good morning, all.
>
>
>
> I wanted to follow up on this thread and see if there were any other
> questions or thoughts for the REST API Working Group proposal.
>
>
>
> If not, I wanted to ask if there were any objections to officially
> authorize this group to begin discussions and determine the path forward.
>
>
>
> Cheers,
>
> Alec
>
>
>
> --
>
> *Alec J. Summers*
>
> Cyber Solutions Innovation Center
>
> Group Leader, Software Assurance Research & Practice
>
> Cyber Security Engineer, Lead
>
> O: (781) 271-6970
>
> C: (781) 496-8426
>
>
> *MITRE - Solving Problems for a Safer World*
>
>
>
>
>
> *From: *Jason Oberg 
> *Date: *Friday, February 25, 2022 at 10:02 AM
> *To: *Sherman, Brent 
> *Cc: *Alec J Summers, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Adam Cron, Hayashi, Kathy
> *Subject: *[EXT] Re: CWE/CAPEC Rest API Working Group Documentation
>
> Hi Brent,
>
>
>
> Understood. I think it's reasonable that one goal of the working group
> should be to flesh these details out. I just worry this piece of it might
> be the long pole so it likely needs serious consideration early on so there
> is a foreseeable path forward.
>
>
>
> Regards,
>
> Jason
>
>
>
>
>
> On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <
> brent.m.sher...@intel.com> wrote:
>
> hi jason,
>
> thank you for your support, greatly appreciated!
>
> I agree there needs to be a path towards implementation however I think
> this is something the wg needs to answer (adam, kathy – please correct me
> if I’m wrong).
>
> I think we (ipsa wg) know the answers to your questions however, maybe
> there is something we are not aware of which is why we want to form the wg.
>
> hopefully that makes sense.
>
>
>
> thanks
>
> brent
>
>
>
>
>
> *From:* Jason Oberg 
> *Sent:* Thursday, February 24, 2022 2:11 PM
> *To:* Alec J Summers 
> *Cc:* CWE CAPEC Board; Adam Cron <adam.c...@synopsys.com>; Sherman, Brent M; Hayashi, Kathy
> *Subject:* Re: CWE/CAPEC Rest API Working Group Documentation
>
>
>
> Adam, Kathy, Brent,
>
>
>
> Thank you for taking on this important initiative. I'm fully supportive
> and it is very much needed.
>
>
>
> While defining the API is the first step, I'm wondering what the path is
> to actually implement it. Specifically:
>
> - Can the existing CWE data model support APIs that are RESTful?
> - Who will execute on the API endpoint development work? Will MITRE or
>   another party?
>
> These may be questions for MITRE, but I think it's important to have a
> path towards implementation while the APIs are defined. We surely all agree
> that defining an API that never gets built is not good for anyone.
>
>
>
> Regards,
> Jason
>
>
>
>
>
> On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers  wrote:
>
> Dear Board members,
>
>
>
> Good afternoon!
>
>
>
> During our last meeting, we spoke about the request from community
> stakeholders to establish a working group to build a REST API for the
> CWE/CAPEC program. The Board had several questions regarding the intention,
> technical specifications, target audience, and milestones associated with
> the request. Recall that the Board charter differentiates a working group
> from a special interest group in that it is not intended to operate on an
> open-ended timeline and is meant to achieve a particular outcome.
>
>
>
> I have attached a document of answers to Board’s questions from the
> Accellera Systems Initiative IPSA working group members – the group
> responsible for the initial request for a CWE REST API working group. I
> have also cced the proposed chair of the working group, Adam Cron
> (Synopsys), as well as two other members Brent Sherman (Intel) and Kathy
> Hayashi (Qualcomm) so they may provide clarifications or reply to any
> additional questions directly in this thread.
>
>
>

RE: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-01 Thread Adam Cron
I have no objections. Enclosed is a strawman invitation. Please edit or comment 
as you see fit. Please don't forward it out, yet.

Best regards,

Adam

From: Alec J Summers
Sent: Tuesday, March 1, 2022 9:45 AM
To: CWE CAPEC Board
Cc: Adam Cron; Hayashi, Kathy; Sherman, Brent; Oberg, Jason
Subject: Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

Good morning, all.

I wanted to follow up on this thread and see if there were any other questions 
or thoughts for the REST API Working Group proposal.

If not, I wanted to ask if there were any objections to officially authorize 
this group to begin discussions and determine the path forward.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Jason Oberg <ja...@tortugalogic.com>
Date: Friday, February 25, 2022 at 10:02 AM
To: Sherman, Brent <brent.m.sher...@intel.com>
Cc: Alec J Summers <asumm...@mitre.org>, CWE CAPEC Board <cwe-capec-board-list@mitre.org>, Adam Cron <adam.c...@synopsys.com>, Hayashi, Kathy <kat...@qualcomm.com>
Subject: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation
Hi Brent,

Understood. I think it's reasonable that one goal of the working group should 
be to flesh these details out. I just worry this piece of it might be the long 
pole so it likely needs serious consideration early on so there is a 
foreseeable path forward.

Regards,
Jason


On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <brent.m.sher...@intel.com> wrote:
hi jason,
thank you for your support, greatly appreciated!
I agree there needs to be a path towards implementation however I think this is 
something the wg needs to answer (adam, kathy - please correct me if I'm wrong).
I think we (ipsa wg) know the answers to your questions however, maybe there is 
something we are not aware of which is why we want to form the wg.
hopefully that makes sense.

thanks
brent


From: Jason Oberg <ja...@tortugalogic.com>
Sent: Thursday, February 24, 2022 2:11 PM
To: Alec J Summers <asumm...@mitre.org>
Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>; Adam Cron <adam.c...@synopsys.com>; Sherman, Brent M <brent.m.sher...@intel.com>; Hayashi, Kathy <kat...@qualcomm.com>
Subject: Re: CWE/CAPEC Rest API Working Group Documentation

Adam, Kathy, Brent,

Thank you for taking on this important initiative. I'm fully supportive and it 
is very much needed.

While defining the API is the first step, I'm wondering what the path is to 
actually implement it. Specifically:

  *   Can the existing CWE data model support APIs that are RESTful?
  *   Who will execute on the API endpoint development work? Will MITRE or
      another party?

These may be questions for MITRE, but I think it's important to have a path 
towards implementation while the APIs are defined. We surely all agree that 
defining an API that never gets built is not good for anyone.

Regards,
Jason


On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <asumm...@mitre.org> wrote:
Dear Board members,

Good afternoon!

During our last meeting, we spoke about the request from community stakeholders 
to establish a working group to build a REST API for the CWE/CAPEC program. The 
Board had several questions regarding the intention, technical specifications, 
target audience, and milestones associated with the request. Recall that the 
Board charter differentiates a working group from a special interest group in 
that it is not intended to operate on an open-ended timeline and is meant to 
achieve a particular outcome.

I have attached a document of answers to the Board's questions from the Accellera 
Systems Initiative IPSA working group members - the group responsible for the 
initial request for a CWE REST API working group. I have also cc'd the proposed 
chair of the working group, Adam Cron (Synopsys), as well as two other members, 
Brent Sherman (Intel) and Kathy Hayashi (Qualcomm), so they may provide 
clarifications or reply to any additional questions directly in this thread.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World



--


Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604

Tortuga Logic <http://www.tortugalogic.com/>  |  75 E Santa Clara Street, San 
Jose, CA 95113




Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

2022-03-01 Thread Alec J Summers
Good morning, all.

I wanted to follow up on this thread and see if there were any other questions 
or thoughts for the REST API Working Group proposal.

If not, I wanted to ask if there were any objections to officially authorize 
this group to begin discussions and determine the path forward.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World


From: Jason Oberg
Date: Friday, February 25, 2022 at 10:02 AM
To: Sherman, Brent
Cc: Alec J Summers, CWE CAPEC Board, Adam Cron, Hayashi, Kathy
Subject: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation

Hi Brent,

Understood. I think it's reasonable that one goal of the working group should 
be to flesh these details out. I just worry this piece of it might be the long 
pole so it likely needs serious consideration early on so there is a 
foreseeable path forward.

Regards,
Jason


On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <brent.m.sher...@intel.com> wrote:
hi jason,
thank you for your support, greatly appreciated!
I agree there needs to be a path towards implementation; however, I think this is 
something the wg needs to answer (adam, kathy – please correct me if I’m wrong).
I think we (ipsa wg) know the answers to your questions; however, maybe there is 
something we are not aware of, which is why we want to form the wg.
hopefully that makes sense.

thanks
brent


From: Jason Oberg <ja...@tortugalogic.com>
Sent: Thursday, February 24, 2022 2:11 PM
To: Alec J Summers <asumm...@mitre.org>
Cc: CWE CAPEC Board <cwe-capec-board-list@mitre.org>; 
Adam Cron <adam.c...@synopsys.com>; Sherman, Brent M 
<brent.m.sher...@intel.com>; Hayashi, Kathy <kat...@qualcomm.com>
Subject: Re: CWE/CAPEC Rest API Working Group Documentation

Adam, Kathy, Brent,

Thank you for taking on this important initiative. I'm fully supportive and it 
is very much needed.

While defining the API is the first step, I'm wondering what the path is to 
actually implement it. Specifically:

  *   Can the existing CWE data model support APIs that are RESTful?
  *   Who will execute on the API endpoint development work? Will MITRE or another party?

These may be questions for MITRE, but I think it's important to have a path 
towards implementation while the APIs are defined. We surely all agree that 
defining an API that never gets built is not good for anyone.

Regards,
Jason


On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <asumm...@mitre.org> wrote:
Dear Board members,

Good afternoon!

During our last meeting, we spoke about the request from community stakeholders 
to establish a working group to build a REST API for the CWE/CAPEC program. The 
Board had several questions regarding the intention, technical specifications, 
target audience, and milestones associated with the request. Recall that the 
Board charter differentiates a working group from a special interest group in 
that it is not intended to operate on an open-ended timeline and is meant to 
achieve a particular outcome.

I have attached a document of answers to the Board’s questions from the Accellera 
Systems Initiative IPSA working group members – the group responsible for the 
initial request for a CWE REST API working group. I have also cc'd the proposed 
chair of the working group, Adam Cron (Synopsys), as well as two other members, 
Brent Sherman (Intel) and Kathy Hayashi (Qualcomm), so they may provide 
clarifications or reply to any additional questions directly in this thread.

Cheers,
Alec

--
Alec J. Summers
Cyber Solutions Innovation Center
Group Leader, Software Assurance Research & Practice
Cyber Security Engineer, Lead
O: (781) 271-6970
C: (781) 496-8426

MITRE - Solving Problems for a Safer World



--


Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604

Tortuga Logic  |  75 E Santa Clara Street, San 
Jose, CA 95113



NOTICE TO RECIPIENT | This email and any attachments may contain private, 
confidential and privileged material for the sole use of the intended 
recipient. If you are not the intended recipient, please immediately notify the 
sender of the error by return email and delete this email and any attachments.

