Using Malware Analysis to Identify Overlooked Security Requirements

March 2017 • Presentation

Nancy R. Mead, Jose A. Morales

This presentation describes initial research conducted by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws

Publisher:

Software Engineering Institute

Subjects

Reverse Engineering for Malware Analysis
Security VulnerabilitiesSecurity Vulnerabilities
Software Solutions SymposiumSoftware Solutions Symposium

Abstract

This presentation describes initial research by CERT and Carnegie Mellon to determine if malware report databases were amenable to automated processing to identify flaws such as those documented in the Common Weakness Enumeration (CWE) and Common Attack Pattern Enumeration and Classification (CAPEC) databases.

Software Engineering Institute