The OASIS nonprofit organization has formed a committee consisting of government and technology industry representatives to develop open standards for automated analysis and sharing of cyber-related threat information.OASIS said Thursday its Cyber Threat Intelligence Technical Committee also seeks to promote the STIX, TAXII and CyBOX programming languages for organizations to avoid, detect and remediate cyber attacks.
The committee’s public-sector members are the U.S. Department of Homeland Security and the National Institute of Standards and Technology.
Private-sector members include Boeing, Cisco, Dell, EMC and IBM.
Richard Struse, chief advanced technology officer at the DHS-run National Cybersecurity and Communications Integration Center, serves as chair of the committee.
The STIX framework is designed to help users characterize a hacker’s motivation, tools and activity, while TAXII works to help organizations share threat indicators with their partner organizations.
CybOX works to specify, capture and communicate events or across the system and network, OASIS noted.
Mitre representatives lead the CTI STIX, TAXII and CybOX subcommittees.
