As the business of cybersecurity has matured it has become evident to many that the sharing of threat intelligence information is the best way to fortify networks against the attacks from threat actors.
This realization has led to the development of international standards for the characterization of threat intelligence. The Structured Threat Information Expression (STIX), Trusted Automated Exchange of Indicator Information (TAXII) and the Cyber Observables (CybOX) protocols for machine-to-machine threat intelligence exchange were originally developed as an open source XML Reference Framework by the Mitre Corporation under the oversight of the U.S. Department of Homeland Security.
These protocols have recently been transferred to the Organization for the Advancement of Structure Information Sharing (OASIS), an international standards development body, for further development. The committee that has been convened is the Cyber Threat Intelligence – Technical Committee (CTI-TC). Membership is open to all members of OASIS, and the protocols, once released, will be available under the terms and conditions of the OASIS standards process.
Currently, a GitHub site currently aggregates most of the relevant information on the progress of development, to date, for each of these protocols, and others.
Cyber Threat Intelligence Networks (CTIN) is an initiative to provide resources and software products for this growing ecosystem for threat intelligence sharing.