Welcome all and thanks for the insight

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

Welcome all and thanks for the insight

Durrant, Sheldon A.

Hello, everyone. My name is Sheldon Durrant and I’m an Infosec Engineer/Scientist working with Bill Heinbockel and Rosalie McQuaid on CEE at MITRE. I’ve been lurking quite a bit on the List taking in all the comments thus far and thought it was high time I introduced myself!

 

I’d like to welcome all to the discussion list and to thank everyone for the truly insightful contributions to the list content. I’ve been learning a lot from reading the goings-on on the list thus far. I hope everyone’s getting as much from the content as I am. Bill and I came up with all of the initial definitions that kicked this discussion off, so it’s refreshing, interesting, and informative to see the quantity and quality of debate and discussion that has ensued from that.

 

In response to Gail’s concerns about supporting business applications as well as networking, the goal of CEE is to create an extensible structure that is widely applicable across many different use cases. I like to avoid using clich├ęs where I can, but I think “plug-and-play” would be a good way to describe what we would want the final standard to look like; a unified core that we can all help to develop, and an extension capability for outliers. That’s why I think the current discussions about definitions are so important; it helps everyone speak a common language, and we can move on from there to determine the use cases that fit in the scope for a well-defined core CEE structure (based on our final definitions) and what should not be in the core. We can then create mechanisms so that others can extend the core to meet their individual use cases that we either haven’t accounted for, or are so unique as to be “non-standard.” In short, we would want CEE to be general enough to meet many use cases, but not so overly broad to invite the kind of “kitchen sink” mentality that causes overloaded terminology and arbitrary implementations that has rendered so many other standards useless in practice.

 

Again, thanks to everyone for keeping this interesting and informative. You’ll definitely hear more from me as time goes on, particularly when we get to the point where it makes sense for list members to break up into teams to work on specific tasks.

 

Sheldon A. Durrant

Infosec Engineer/Scientist

The MITRE Corporation