funsec mailing list archives
Re: CME: A Total Failure -- Throw in the Towel
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Mon, 13 Mar 2006 00:04:49 +1300
Blue Boar (to me, if you believe "References: <44141D51.14049.55218607 () nick virus-l demon co uk>"):
So what is the failure exactly? ...
I didn't say that _CME_ was a failure (the AV industry's incessant rebellion against even thinking about how it could try to fix the naming problem _IS_ a failure, but CME hasn't a hope in hell of addressing that, and the MITRE folk are now pretty much painfully aware of that...).
... Were you expecting the CME numbers to be a substitute for the existing naming conventions? ...
Me -- no, not at all. _I_ reckoned that _perhaps_ what CME was aiming for might be achievable _AND_ probably that might be (just) enough for most AV (corporate) customers (most of the time). (I also saw trouble in getting proper media understanding of the intent, objective and expected outcome, but that had little to do with the intended/hoped for outcomes per se, and much to do with dealing with the media...).
... I can't speak for the CME guys, ...
Neither, directly, can I, but I am on the "advisory board" and arguably one of the more "experienced" advisors to the CME effort.
... but I think that wasn't a goal. ...
And, as I thought I was communicating in my message, you'd be right. As _I_ understand it, CME does not intend, and was not expected, by its backers, to "fix" the "naming problem".
... If I am able to determine that two malware names refer to the same thing because they have the same CME number, then it's a success as far as I'm concerned. ...
And _that_ was, pretty much, the expected "major usefulness" of CME, so according to your testimony, CME is a success, despite Ferg's, Lemos', etc suggestion to the contrary...
... I get the impression that they haven't kept up with the volume well, that would be the only failure I could see.
Ahhh -- well, there is some tension between those that would like to see CME cover "everything, or at least 'everything important'" and those who have a grasp on the pragmatics. The problem is, of course, that _anything_ some arbitrary Jo[e] Bloggs' (or his/her client) considers "everything important" quickly adds up to so much of "everything" that CME would have to cover so close to "everything" that it would not be manageable or useful (as it is, CME certainly will not scale to anything within a couple of orders of magnitude of "everything"). Yes, CME can deal with more than it currently does, but working out what _most usefully_ comprises that "more" is _really_ tricky...

Regards,
Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.