News & Events (2007 Archive)

CME Mentioned in Op-Ed Article about the Importance of Fixing Vulnerabilities in Network World

CME was mentioned in an op-ed article entitled "How to find your security holes: Check your network for CVEs" by NetClarity, Inc. founder and CTO Gary S. Miliefsky in the April 30, 2007 issue of Network World. The main topic of the article is that hackers have caused billions of dollars in damages and that they "have a plethora of tools available in their war chests ranging from spyware, rootkits, Trojans, viruses, worms, bots, and zombies to various other blended threats" and these security holes must be fixed. CME is mentioned when the author states: "Not all exploits are created equal. Most are evolutionary improvements on existing exploits. What's very interesting is that the average exploit currently has a dozen names. With the advent of the Common Malware Enumeration (CME) standard, there will be one shared, neutral indexing capability for malware but that [is] ... just starting to catch on ..."

The author also mentions the Common Vulnerabilities and Exposures (CVE) project and concludes the article by stating that: "Removing critical CVEs is considered due care. Frequent and consistently scheduled security audits for CVEs and their removal is the only prudent thing to do as a proactive information security manager. Now is the time to find and fix your CVEs so you can be more productive and suffer less downtime and successful hacker attacks. If you remove all of your CVEs you'll be as close to 100% secure as possible."

CME Mentioned in Article about Storm Worm on CNET Reviews

CME was mentioned in an April 13, 2007 article entitled "Taking the Internet by storm" on CNET Reviews. The main topic of the article is the recurrence of CME-711, also called Storm. CME is mentioned when the author states: "Recently, Mitre.org created the Common Malware Enumeration, which seeks to classify worms and Trojan horses under a common designation. CME-711 refers to the Storm worm, and by visiting the Mitre site you can see how various antivirus vendors have labeled the previous variations of this worm: CA calls it 'Peacoan,' Esset calls it 'Fudip,' Norman calls it 'Tibs,' and F-Secure calls it 'Zhelatin.' By whatever name, CME-711 is making history."

CME Included in Booth at Black Hat Briefings 2007

MITRE will host a Making Security Measurable exhibitor booth at Black Hat Briefings 2007 on August 1-2, 2007 at Caesars Palace in Las Vegas, Nevada, USA. The conference will expose MITRE's CME, CVE, CCE, CPE, CWE, OVAL, and Making Security Measurable efforts to a diverse audience of information security-focused attendees from around the world.

Visit the CME Calendar page for information on this and other upcoming events.

CME Included in Briefing at 19th Annual System and Software Technology Conference

CME will be included as a topic in a briefing entitled "Creating a Secure Architecture as a Basis for Compliance" by MITRE Principal Engineer Robert A. Martin at the 19th Annual System and Software Technology Conference on June 20, 2007 at the Tampa Convention Center in Tampa, Florida, USA. The briefing will expose MITRE's CME, CVE, CCE, CPE, CWE, OVAL, and Making Security Measurable efforts to a diverse audience of information security professionals from industry and the U.S. government and military.

Visit the CME Calendar page for information on this and other upcoming events.

Back to top

CME Included in Booth at InfoSec World 2007

CME was included in MITRE's Making Security Measurable exhibitor booth at InfoSec World 2007 Conference & Expo on March 19-21, 2007 at the Rosen Shingle Creek Resort in Orlando, Florida, USA. The conference exposed MITRE's CME, CVE, CCE, CPE, CWE and OVAL efforts to a diverse audience of attendees from the banking, finance, real estate, insurance, and health care industries, among others. The conference is targeted to information security policy and decision makers from these and other industries, as well as directors and managers of information security, CIOs, network and systems security administrators, IT auditors, systems planners and analysts, systems administrators, software and application developers, engineers, systems integrators, strategic planners, and other information security professionals. Organizations with Products and Services Including CME Identifiers also exhibited.

Visit the CME Calendar page for information about this and other upcoming events.

CME Included in Booth at OMG Software Assurance Workshop 2007

CME was included in MITRE's Making Security Measurable exhibitor booth about CME, CVE, CCE, CPE, CWE and OVAL at the OMG Software Assurance Workshop on March 5-7, 2007 at the Hyatt Fair Lakes in Fairfax, Virginia, USA. Object Management Group (OMG) is an international, open membership, not-for-profit computer industry consortium. OMG's task forces "develop enterprise integration standards" for a wide range of technologies and industries and its modeling standards "enable powerful visual design, execution and maintenance of software and other processes."

Visit the CME Calendar page for information about this and other upcoming events.

CME Included in Booth at RSA Conference 2007

CME was included in MITRE's a Making Security Measurable exhibitor booth at RSA Conference 2007 on February 5-8, 2007 at the Moscone Center in San Francisco, California, USA. RSA Conference provides a forum for information security professionals and visionaries to "exchange and collaborate in a dynamic, authoritative setting." The conference exposed MITRE's CME, CVE, CCE, CPE, CWE and OVAL efforts to security professionals from industry, government, and academia from around the world. Organizations with Products and Services Including CME Identifiers also exhibited.

Visit the CME Calendar page for information about this and other upcoming events.

CME Included in Booth at 2007 Information Assurance Workshop

CME was included in MITRE’s a Making Security Measurable exhibitor booth the 11th annual 2007 Information Assurance (IA) Workshop on February 12-16, 2007 at the Wyndham Orlando Resort, in Orlando, Florida, USA. The purpose of the workshop, which is hosted by the U.S. Defense Information Systems Agency (DISA) and National Security Agency (NSA), is to provide a forum in which the IA community can provide updates and work issues on relevant IA topics that have been aligned with the goals of Department of Defense (DOD) IA strategy. The event exposed MITRE's CME, CVE, CCE, CPE, CWE and OVAL efforts to representatives of the DOD and other Federal Government employees and their sponsored contractors.

Visit the CME Calendar page for information about this and other upcoming events.

Back to top

New CME Identifier Released: CME-711

CME-711 was assigned on January 20, 2007. Aliases for this threat include Aladdin: Win32.Small.dam; Authentium: W32/Downloader.AYDY; AVIRA: TR/Dldr.Small.DBX; CA: Win32/Pecoan; ClamAV: Trojan.Downloader-647; ESET: Win32/Fuclip.A; Fortinet: W32/Small.DAM!tr; F-Secure: Small.DAM; Grisoft: Downloader.Tibs; Kaspersky: Trojan-Downloader.Win32.Small.dam; McAfee: Downloader-BAI!M711; Microsoft: Win32/Nuwar.N@MM!CME-711; Norman: W32/Tibs.gen12; Panda: Trj/Alanchum.NX!CME-711; Sophos: Troj/DwnLdr-FYD; Symantec: Trojan.Peacomm; and Trend Micro: TROJ_SMALL.EDW.

Visit the CME List for a complete description of this and other CME identifiers. You may download the CME List as an XML file by clicking on the XML button located in the upper-right corner of the CME List page. For notification of new CME identifiers, subscribe to our RSS feed by clicking on the RSS button located in the upper-right corner of the CME List page.

Back to top

CME to Host Booth at RSA Conference 2007, February 5-8

MITRE is scheduled to host a CME/CVE/CCE/CWE/OVAL exhibitor booth at RSA Conference 2007 on February 5-8, 2007 at the Moscone Center in San Francisco, California, USA. RSA Conference provides a forum for information security professionals and visionaries to "exchange and collaborate in a dynamic, authoritative setting." The event will introduce CME, CVE, CCE, CWE, and OVAL to security professionals from industry, government, and academia from around the world. Please stop by Booth 1949 and say hello.

Visit the CME Calendar page for information about this and other upcoming events.

CME to Host Booth at the 2007 Information Assurance Workshop, February 12-16

MITRE is scheduled to host a CME/CVE/CCE/CWE/OVAL exhibitor booth at the 11th annual 2007 Information Assurance (IA) Workshop on February 12-16, 2007 at the Wyndham Orlando Resort, in Orlando, Florida, USA. The purpose of the workshop, which is hosted by the U.S. Defense Information Systems Agency (DISA) and National Security Agency (NSA), is to provide a forum in which the IA community can provide updates and work issues on relevant IA topics that have been aligned with the goals of Department of Defense (DOD) IA strategy. The event will introduce CME, CVE, CCE, CWE, and OVAL to representatives of the DOD and other Federal Government employees and their sponsored contractors.

Visit the CME Calendar page for information about this and other upcoming events.

Important Message about CME Web Site Availability

Due to business disaster planning activities the CME Web site may be temporarily unavailable for short periods from 5:00am eastern time on Saturday, January 13, 2007 through 5:00am on Tuesday, January 16, 2007. We apologize for any inconvenience. Please contact cme@mitre.org with any comments or concerns.

Back to top