[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fwd: IP: it's time the media started labeling these viruses correctly!

I'm going to be provincial and just address the CVE-related issues
here :-)

Gene Spafford said:

>Imagine if we were to do CVE entries for [each virus]?

Note that on occasion, one or two system administrators ask if CVE has
entries for viruses.  Some of them report that they have difficulty
with the different naming schemes used by various virus vendors.  They
see CVE as a way to resolve this problem.

My response is usually twofold: (a) we are staying away from naming
things that are already identified by the anti-virus community; and
(b) viruses are a high cardinality item, and as such wouldn't have
separate entries in CVE, at least as dictated by the HIGHCARD content
decision.  To my way of thinking, there might be a very small number
of entries for a virus (since it falls under the "malicious presence"
category), just like there's a small number of candidates for Trojan
horses (CAN-1999-0660 and CAN-1999-0661) or other "utilities" like
DDos masters or zombies (CAN-2000-0138).

People are generally satisfied with this answer, but the fact that
they ask indicates that there is some need for a naming convention for
viruses.  Note that I'm not a virus expert, so I don't know if the
list of aliases used in the WildList is sufficient for this use.  If
you're interested in this issue, also see Joe Wells' article on virus
naming issues at http://www.wildlist.org/naming.htm

A technical issue with respect to naming viruses in CVE is that CVE's
naming space only supports a maximum of 9,999 items per year (although
there are some ways of expanding this if necessary, without changing
the format of the name).

- Steve

Page Last Updated or Reviewed: May 22, 2007