2005-09-22

A light at the end of the tunnel

Nearly a year ago, I wrote about the need for a standard malware nomenclature. Around the same time, I also commented on the need for an information security clearinghouse, possibly run by the DHS. It seems someone was listening to the pleas from the security community: today, C|Net reports that US-CERT (run by DHS) will be getting into the business of naming malware by acting as the public face of the Common Malware Enumeration Initiative, designed by a number of government entities as well as the much-respected MITRE. By running this through the government, the politics of inter-company nomenclature are completely circumvented. Each company can keep its own nomenclature and map it to the CME ID through its products and websites. One major issue that isn't clearly addressed, however, is how variants will be handled by CME. The state of malware being what it is today, this is the biggest point of confusion in battling outbreaks. New viruses aren't nearly as common as variants of old, tried-and-true formulas. Without a way to clearly address variants, this system may be much less effective. Its potential at this point, however, is great.

This announcement, along with other recent developments at US-CERT such as the unveiling of the National Vulnerability Database (NVD), is positioning the site to become a critical juncture for the information security community. It appears the DHS, in at least one small respect, is starting to show some positive progress in its mission. I've personally met the gentleman responsible for the creation of the NVD at NIST, as well as some others involved with US-CERT, and have been very pleased with what I've seen. This is something to keep a close eye on in the coming 6-12 months, as it may soon be bookmarked as your browser's home page.

The only concern I have thus far is how quickly and completely US-CERT disseminates information to the public. There is much more to US-CERT than meets the eye; it is also a powerful tool for inter-agency communication and data sharing within the US Government. If the movement of information from the protected side to the public side is kept open, this may end up being a key cog in fighting the good fight for analysts in the years to come.
