Using a Malware Ontology to Make Progress Towards a Science of Cybersecurity Transcript Part 1: Why Ontologies Are Critical
Abstract
Welcome to CERT's Podcast Series: Security for Business Leaders. The CERT Program is part of the Software Engineering Institute, a federally funded research and development center at Carnegie Mellon University in Pittsburgh, Pennsylvania. You can find out more about us at cert.org. Show notes for today's conversation are available at our podcast website. My name is Julia Allen. I'm a principal researcher at CERT, working on operational resilience and measurement. Today I'm very pleased to welcome David Mundie. David is one of my colleagues and a member of CERT's Enterprise Threat and Vulnerability Analysis Team. I think you'll find today's conversation pretty interesting. It's a little bit of a departure from our normal operational topics. Today, David and I will be discussing the need for controlled vocabularies, taxonomies, and ontologies -- all to the end pursuit of making some substantive progress towards a science of cybersecurity, as opposed to an art form. And David and I will be specifically discussing malicious code, also referred to as malware analysis, based on a report that he and his team have recently published, called "The MAL: A Malware Analysis Lexicon," to try and give you a little bit of an example of what we're talking about.
Document Details
- Document Type: Technical Report
- Publication Date: Jan 01, 2013
- Accession Number: AD1133573
Entities
Organizations
- Carnegie Mellon University