Malware Threat Scoring System

The linkage between MAEC and other standards efforts — for example, Structured Threat Information Expression (STIX™) — could allow for the creation of a malware threat scoring system, similar to that of the Common Vulnerability Scoring System (CVSS) for software vulnerabilities.

MAEC’s link to relevant standards, as well as its characterization of mid and high-level malware features, can provide the necessary data for accurately describing the attack vectors and payload of a malware instance. This data could then be used to score the potential impact of the malware based on pre-defined categories, such as payload type (e.g., data theft, bot-like behavior, etc.) and degree of persistence.