funsec mailing list archives

RE: CME: A Total Failure -- Throw in the Towel


From: "David Harley" <david.a.harley () gmail com>
Date: Sun, 12 Mar 2006 01:10:02 -0000

> Were you expecting the CME
> numbers to be a substitute for the existing naming
> conventions?  I can't speak for the CME guys, but I think
> that wasn't a goal.

That wasn't my understanding either. From that point of view,
CME isn't a complete failure. But...

> If I am able to determine that two
> malware names refer to the same thing because they have the
> same CME number, then it's a success as far as I'm concerned.

Kind of. If you can make that assumption (see below).

> I get the impression that they haven't kept up with the
> volume well, that would be the only failure I could see.

But maybe that's the whole point. Glut has always been a problem,
but it's a little more complicated now. Variants, subvariants,
subvariants with multiple packers, multiple malcodes with 
common code, malcode that mutates as new mods become available.
Traditionally, naming has depended on exchange of samples to 
establish a common code set, as has testing. But we're not in
Kansas anymore, and those models don't work.

-- 
David Harley
Computer Security Author & Consultant
http://blogs.securiteam.com/  



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.