• SwA Communities
• SwA Forums & Working Groups
• Workforce Education & Training
•     - Activities
•     - Resources
•     - Collaborations
•     - Licensing and Certification
• Processes & Practices
•     - Activities
•     - Resources
•     - Collaborations
• Technology & Tools
•     - Activities
•     - Resources
•     - Collaborations & Research
• Acquisition & Outsourcing
•     - Activities
•     - Resources
•     - Collaborations
• Measurement & Business Case
•     - Activities
•     - Resources
•     - Business Case
•     - Collaborations & Examples
•     - Resources
• Malware & Cyber Observables
•     - Activities
•     - Resources
• Resilient Software
• SwA Market Place
• SwA Landscape
• SwA Ecosystem
• Security Automation & Measurement
• Build Security In

Malware & Cyber Observables Working Group

Mission

Develop a consensus on software that behaves in potentially malicious ways that will

• improve communication about the attributes, objects, actions, events and other observables that characterize the code constructs and behaviors of potentially malicious software
• document use-cases that leverage automation and standards
• provide objective criteria for tool assessments
• provide more explicit user acceptance criteria for determining if potentially malicious code is to be installed with user knowledge
• enable users to make informed decisions about behavior of software and software-reliant systems

Recent Releases and Updates

• US-CERT Current Activity summarizes important reported security issues, including viruses, worms, and attack methods.
• Malware Attribute Enumeration and Characterization (MAEC) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns. By eliminating the ambiguity and inaccuracy that currently exists in malware descriptions and by reducing reliance on signatures, MAEC aims to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances.

Contact Information

To comment or request further information, contact the working group chair at software.assurance [at] dhs.gov.

To join the Software Assurance Malware Working Group, see the instructions for joining a working group.

 

Contact Us Terms of Use Privacy Policy Sitemap Get a PDF Reader ©2013 Department of Homeland Security