Hi Brent, Understood. I think it's reasonable that one goal of the working group should be to flesh these details out. I just worry this piece of it might be the long pole so it likely needs serious consideration early on so there is a foreseeable path forward.
Regards, Jason On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M <[email protected]> wrote: > hi jason, > > thank you for your support, greatly appreciated! > > I agree there needs to be a path towards implementation however I think > this is something the wg needs to answer (adam, kathy – please correct me > if I’m wrong). > > I think we (ipsa wg) know the answers to your questions however, maybe > there is something we are not aware of which is why we want to form the wg. > > hopefully that makes sense. > > > > thanks > > brent > > > > > > *From:* Jason Oberg <[email protected]> > *Sent:* Thursday, February 24, 2022 2:11 PM > *To:* Alec J Summers <[email protected]> > *Cc:* CWE CAPEC Board <[email protected]>; Adam Cron < > [email protected]>; Sherman, Brent M <[email protected]>; > Hayashi, Kathy <[email protected]> > *Subject:* Re: CWE/CAPEC Rest API Working Group Documentation > > > > Adam, Kathy, Brent, > > > > Thank you for taking on this important initiative. I'm fully supportive > and it is very much needed. > > > > While defining the API is the first step, I'm wondering what the path is > to actually implement it. Specifically: > > - Can the existing CWE data model support APIs that are RESTful? > - Who will execute on the API endpoint development work? Will MITRE or > another party? > > These may be questions for MITRE, but I think it's important to have a > path towards implementation while the APIs are defined. We surely all agree > that defining an API that never gets built is not good for anyone. > > > > Regards, > Jason > > > > > > On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <[email protected]> wrote: > > Dear Board members, > > > > Good afternoon! > > > > During our last meeting, we spoke about the request from community > stakeholders to establish a working group to build a REST API for the > CWE/CAPEC program. The Board had several questions regarding the intention, > technical specifications, target audience, and milestones associated with > the request. Recall that the Board charter differentiates a working group > from a special interest group in that it is not intended to operate on an > open-ended timeline and is meant to achieve a particular outcome. > > > > I have attached a document of answers to Board’s questions from the > Accellera Systems Initiative IPSA working group members – the group > responsible for the initial request for a CWE REST API working group. I > have also cced the proposed chair of the working group, Adam Cron > (Synopsys), as well as two other members Brent Sherman (Intel) and Kathy > Hayashi (Qualcomm) so they may provide clarifications or reply to any > additional questions directly in this thread. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > > -- > > Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 > > Tortuga Logic <http://www.tortugalogic.com/> | 75 E Santa Clara Street, > San Jose, CA 95113 > > > > NOTICE TO RECIPIENT | This email and any attachments may contain private, > confidential and privileged material for the sole use of the intended > recipient. If you are not the intended recipient, please immediately notify > the sender of the error by return email and delete this email and any > attachments. > -- Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 Tortuga Logic <http://www.tortugalogic.com/> | 75 E Santa Clara Street, San Jose, CA 95113 NOTICE TO RECIPIENT | This email and any attachments may contain private, confidential and privileged material for the sole use of the intended recipient. If you are not the intended recipient, please immediately notify the sender of the error by return email and delete this email and any attachments.
