US Flag Official website of the Department of Homeland Security
U.S. Department of Homeland Security Seal. Software and Supply Chain Assurance. Community Resources and Information Clearinghouse (CRIC).

Malware & Cyber Observables Working Group


Develop a consensus on software that behaves in potentially malicious ways that will

  • improve communication about the attributes, objects, actions, events and other observables that characterize the code constructs and behaviors of potentially malicious software
  • document use-cases that leverage automation and standards
  • provide objective criteria for tool assessments
  • provide more explicit user acceptance criteria for determining if potentially malicious code is to be installed with user knowledge
  • enable users to make informed decisions about behavior of software and software-reliant systems

Recent Releases and Updates

  • US-CERT Current Activity summarizes important reported security issues, including viruses, worms, and attack methods.
  • Malware Attribute Enumeration and Characterization (MAEC) is a standardized language for encoding and communicating high-fidelity information about malware based upon attributes such as behaviors, artifacts, and attack patterns. By eliminating the ambiguity and inaccuracy that currently exists in malware descriptions and by reducing reliance on signatures, MAEC aims to improve human-to-human, human-to-tool, tool-to-tool, and tool-to-human communication about malware; reduce potential duplication of malware analysis efforts by researchers; and allow for the faster development of countermeasures by enabling the ability to leverage responses to previously observed malware instances.

Contact Information

To comment or request further information, contact the working group chair at software.assurance [at]

To join the Software Assurance Malware Working Group, see the instructions for joining a working group.

Back to Top