Current malware reporting, while useful for determining the general type and nature of a malware instance, is inherently ambiguous due to the lack of a common structure and vocabulary. Furthermore, reported information often excludes key malware attributes that may be useful for mitigation and detection purposes (e.g., the specific vulnerability that is exploited). Certainly, the value of malware reporting to end-users is significantly degraded without an encompassing, common format.
MAEC’s standardized vocabularies and grammar for use in malware reporting facilitate the creation of a separate, uniform reporting format. Such a format will reduce confusion as to the nature of malware threats through the accurate and unambiguous communication of malware attributes, while also ensuring uniformity between reports drafted by different authors and organizations. Also, because current reporting is typically captured as free-form text, the structure provided by MAEC offers additional capabilities such as machine-based manipulation and automated ingestion of malware reporting data.