Pro+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
December 2005

Ping: Desiree Beck

The Common Malware Enumeration (CME) initiative makes no pretense that it's a cure for the multitude of virus- naming conventions. CME officially kicked off in October, but it's been more than a year in the making, primarily under the sponsorship of US-CERT, the technical guidance of the Mitre Corp, and the participation of most of the leading antivirus software vendors. Desiree Beck, technical lead for the project, hopes CME becomes the common talking point when it comes to malicious code, and that CME alleviates some of the confusion. Why is CME necessary? Different entities refer to threats differently; this leads to a lot of confusion. We're hoping a common ID for threats puts everyone on the same page. What's the process for assigning an identifier? The CME Sample Redistribution Group [the group authorized to use the CME Submission Server] evaluates top threats and submits a sample. If no other samples are submitted within two hours, it's automatically issued an identifier. If something else is submitted, it goes to ...

Features in this issue

Columns in this issue