Common Malware Enumeration Initiative

LogError writes "The Common Malware Enumeration Initiative was just announced. Headed by the United States Computer Emergency Readiness Team (US-CERT) and supported by an editorial board of anti-virus vendors and related organizations it should provide a neutral, shared identification method for malware outbreaks."

Required reading

[ReformedExCon]

This is the first time I've been to the US-CERT website, so please forgive my enthusiasm.

This document on viruses should be required reading for anyone who uses a computer.

http://www.us-cert.gov/reading_room/virus.html

Most common malware can be stopped with the same virus-avoidance techniques listed in this brief document.

As for this initiative, it's not explained very well, that's for sure. It seems like a simple naming convention for viruses as well as a central location for all virus information. I'm not big on the government taking away such a role from private industry, but with the threat of viruses affecting everyone, it makes sense that the government provide a baseline starting point for all antivirus companies to start from. It is not in the best interest of the public to have a single private company hoard virus information.

why isn't this tied into nvd instead?

[pointbeing]

I'm a federal employee and information assurance is a huge part of my job. I don't understand why CERT needed another resource rather than tying things into NISTs shiny new National Vulnerability Database. Seems to me that one-stop shopping for both software vulnerabilities and malware alerts would be the thing to do.