funsec mailing list archives

Re: CME: A Total Failure -- Throw in the Towel


From: Alexander Sotirov <asotirov () determina com>
Date: Sat, 11 Mar 2006 16:52:06 -0800

Nick FitzGerald wrote:
> Fergie wrote:
>
>> It stinks. And has solved nothing.
>
> What was it trying to "solve", Ferg?
>
> Maybe it was simply less ambitious than you (and Bob Lemos and many
> others) wished?  But maybe it is achieving pretty much that which it
> was set up to do?

I have not followed the AV industry very closely, but I use the CVE dictionary
every day. Its main achievement is that it provides a common identifier for each
vulnerability, and this identifier can be used to cross-reference multiple
vulnerability databases with otherwise incompatible naming schemes. It doesn't
matter that Microsoft, ISS, OSVDB, CERT and everybody else out there use their
own identifiers (we at Determina do too), as long as they include the CVE id so
that I know that they are talking about the same thing.

Of course, getting the media to adopt CME names is impossible, but who cares
about what the media calls a virus? The important thing for the security
professionals is to have a unique identifier that we can use to talk about these
things.

Even if the AV vendors refuse to include the CME ids in their databases, CME would
still provide a very valuable service. If you have a vendor-specific malware
name, you can go to http://cme.mitre.org/data/list.html and search for that
name. You will find the CME entry, which will list all other names of this
malware, essentially providing a translation service.

Alex
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

