search menu icon-carat-right cmu-wordmark

Using Malware Analysis to Identify Overlooked Security Requirements

March 2017 Presentation
Nancy R. Mead, Jose A. Morales

This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws

Publisher:

Software Engineering Institute

This presentation was created for a conference series or symposium and does not necessarily reflect the positions and views of the Software Engineering Institute.

Abstract

This presentation describes initial research by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws such as those documented in the Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC) databases.