Software Engineering Institute

The lack of a controlled vocabulary for malware analysis is a symptom of the field's immaturity and an impediment to its growth. Malware analysis is a splintered discipline, with many small teams that for cultural reasons do not, or cannot, readily communicate among themselves; this condition encourages the growth of many local dialects. This report presents the results of the Malware Analysis Lexicon (MAL) initiative, a small project to develop the discipline's first common vocabulary.