-
Notifications
You must be signed in to change notification settings - Fork 21
Controlled Vocabulary Fixes
The current version (1.0) of the DiscoveryMethod vocabulary has duplicate values for "Fraud Detection". The descriptions indicate that these were intended to be one for "Internal Fraud Detection" and one for "External Fraud Detection" but they were added incorrectly.
The fix is to create a new version of that vocabulary and publish that with STIX 1.2. This will not impact existing users of the 1.0 vocabulary but updates to APIs and bindings that use the new version of the vocabulary may break code if these entries were referenced strictly by name.
Example (Current):
<stix:Incident>
<incident:Discovery_Method xsi:type="stixVocabs:DiscoveryMethodVocab-1.0">Fraud Detection</incident:Discovery_Method>
</stix:Incident>Although there are two entries of "Fraud Detection" this is schema-valid and does not break anything.
Proposed Changes:
<stix:Incident>
<incident:Discovery_Method xsi:type="stixVocabs:DiscoveryMethodVocab-1.1">Internal - Fraud Detection</incident:Discovery_Method>
</stix:Incident>Decision: Should this change be made in version 1.2?
Additionally, a minor change will remove spurious duplicates from the AssetType default vocabulary. This should not require client-side changes since the values were exact duplicates.
Decision: Should this change be made in version 1.2?
Feedback can be sent to the public STIX discussion list (make sure to join first) or sent privately to the core STIX team at [email protected].