Is this REST API read only, or also write to update CWEs, or? On Tue, Mar 1, 2022 at 9:23 AM Adam Cron <[email protected]> wrote:
> I have no objections. Enclosed is a strawman invitation. Please edit or > comment as you see fit. Please don’t forward it out, yet. > > > > Best regards, > > > > Adam > > > > *From:* Alec J Summers <[email protected]> > *Sent:* Tuesday, March 1, 2022 9:45 AM > *To:* CWE CAPEC Board <[email protected]> > *Cc:* Adam Cron <[email protected]>; Hayashi, Kathy <[email protected]>; > Sherman, Brent <[email protected]>; Oberg, Jason < > [email protected]> > *Subject:* Re: [EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > > > Good morning, all. > > > > I wanted to follow up on this thread and see if there were any other > questions or thoughts for the REST API Working Group proposal. > > > > If not, I wanted to ask if there were any objections to officially > authorize this group to begin discussions and determine the path forward. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > *From: *Jason Oberg <[email protected]> > *Date: *Friday, February 25, 2022 at 10:02 AM > *To: *Sherman, Brent <[email protected]> > *Cc: *Alec J Summers <[email protected]>, CWE CAPEC Board < > [email protected]>, Adam Cron <[email protected]>, > Hayashi, Kathy <[email protected]> > *Subject: *[EXT] Re: CWE/CAPEC Rest API Working Group Documentation > > Hi Brent, > > > > Understood. I think it's reasonable that one goal of the working group > should be to flesh these details out. I just worry this piece of it might > be the long pole so it likely needs serious consideration early on so there > is a foreseeable path forward. > > > > Regards, > > Jason > > > > > > On Thu, Feb 24, 2022 at 2:28 PM Sherman, Brent M < > [email protected]> wrote: > > hi jason, > > thank you for your support, greatly appreciated! > > I agree there needs to be a path towards implementation however I think > this is something the wg needs to answer (adam, kathy – please correct me > if I’m wrong). > > I think we (ipsa wg) know the answers to your questions however, maybe > there is something we are not aware of which is why we want to form the wg. > > hopefully that makes sense. > > > > thanks > > brent > > > > > > *From:* Jason Oberg <[email protected]> > *Sent:* Thursday, February 24, 2022 2:11 PM > *To:* Alec J Summers <[email protected]> > *Cc:* CWE CAPEC Board <[email protected]>; Adam Cron < > [email protected]>; Sherman, Brent M <[email protected]>; > Hayashi, Kathy <[email protected]> > *Subject:* Re: CWE/CAPEC Rest API Working Group Documentation > > > > Adam, Kathy, Brent, > > > > Thank you for taking on this important initiative. I'm fully supportive > and it is very much needed. > > > > While defining the API is the first step, I'm wondering what the path is > to actually implement it. Specifically: > > - Can the existing CWE data model support APIs that are RESTful? > - Who will execute on the API endpoint development work? Will MITRE or > another party? > > These may be questions for MITRE, but I think it's important to have a > path towards implementation while the APIs are defined. We surely all agree > that defining an API that never gets built is not good for anyone. > > > > Regards, > Jason > > > > > > On Thu, Feb 24, 2022 at 1:31 PM Alec J Summers <[email protected]> wrote: > > Dear Board members, > > > > Good afternoon! > > > > During our last meeting, we spoke about the request from community > stakeholders to establish a working group to build a REST API for the > CWE/CAPEC program. The Board had several questions regarding the intention, > technical specifications, target audience, and milestones associated with > the request. Recall that the Board charter differentiates a working group > from a special interest group in that it is not intended to operate on an > open-ended timeline and is meant to achieve a particular outcome. > > > > I have attached a document of answers to Board’s questions from the > Accellera Systems Initiative IPSA working group members – the group > responsible for the initial request for a CWE REST API working group. I > have also cced the proposed chair of the working group, Adam Cron > (Synopsys), as well as two other members Brent Sherman (Intel) and Kathy > Hayashi (Qualcomm) so they may provide clarifications or reply to any > additional questions directly in this thread. > > > > Cheers, > > Alec > > > > -- > > *Alec J. Summers* > > Cyber Solutions Innovation Center > > Group Leader, Software Assurance Research & Practice > > Cyber Security Engineer, Lead > > O: (781) 271-6970 > > C: (781) 496-8426 > > *––––––––––––––––––––––––––––––––––––* > > *MITRE - Solving Problems for a Safer World* > > > > > > > -- > > *Error! Filename not specified.* > > Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 > > Tortuga Logic > <https://urldefense.com/v3/__http:/www.tortugalogic.com/__;!!A4F2R9G_pg!KhP1Tp0dIAuQOQwjf78PecF8WBfuwNa4sP9WLK03IjU7Hr9AnrUoeHynYR0srqW5IQ$> > | 75 E Santa Clara Street, San Jose, CA 95113 > > > > NOTICE TO RECIPIENT | This email and any attachments may contain private, > confidential and privileged material for the sole use of the intended > recipient. If you are not the intended recipient, please immediately notify > the sender of the error by return email and delete this email and any > attachments. > > > > > -- > > *Error! Filename not specified.* > > Dr. Jason Oberg | Co-Founder and CTO | +1 (808) 635-7604 > > Tortuga Logic > <https://urldefense.com/v3/__http:/www.tortugalogic.com/__;!!A4F2R9G_pg!KhP1Tp0dIAuQOQwjf78PecF8WBfuwNa4sP9WLK03IjU7Hr9AnrUoeHynYR0srqW5IQ$> > | 75 E Santa Clara Street, San Jose, CA 95113 > > > > NOTICE TO RECIPIENT | This email and any attachments may contain private, > confidential and privileged material for the sole use of the intended > recipient. If you are not the intended recipient, please immediately notify > the sender of the error by return email and delete this email and any > attachments. > -- Kurt Seifried (He/Him) [email protected]
