Hello, everyone. My name is Sheldon Durrant and I’m an
Infosec Engineer/Scientist working with Bill Heinbockel and Rosalie McQuaid on
CEE at MITRE. I’ve been lurking quite a bit on the List taking in all the
comments thus far and thought it was high time I introduced myself!
I’d like to welcome all to the discussion list and to
thank everyone for the truly insightful contributions to the list content. I’ve
been learning a lot from reading the goings-on on the list thus far. I hope
everyone’s getting as much from the content as I am. Bill and I came up
with all of the initial definitions that kicked this discussion off, so it’s
refreshing, interesting, and informative to see the quantity and quality of
debate and discussion that has ensued from that.
In response to Gail’s concerns about supporting business
applications as well as networking, the goal of CEE is to create an extensible
structure that is widely applicable across many different use cases. I like to
avoid using clichés where I can, but I think “plug-and-play” would
be a good way to describe what we would want the final standard to look like; a
unified core that we can all help to develop, and an extension capability for
outliers. That’s why I think the current discussions about definitions
are so important; it helps everyone speak a common language, and we can move on
from there to determine the use cases that fit in the scope for a well-defined
core CEE structure (based on our final definitions) and what should not be in
the core. We can then create mechanisms so that others can extend the core to
meet their individual use cases that we either haven’t accounted for, or
are so unique as to be “non-standard.” In short, we would want CEE
to be general enough to meet many use cases, but not so overly broad to invite
the kind of “kitchen sink” mentality that causes overloaded
terminology and arbitrary implementations that has rendered so many other
standards useless in practice.
Again, thanks to everyone for keeping this interesting and
informative. You’ll definitely hear more from me as time goes on,
particularly when we get to the point where it makes sense for list members to break
up into teams to work on specific tasks.