US-CERT has launched its Common Malware Enumeration initiative. The initiative aims to:
- Reduce the public's confusion in referencing threats during malware incidents.
- Enhance communication between anti-virus vendors.
- Improve communication and information sharing between anti-virus vendors and the rest of the information security community.
It will work in a similar manner to the existing Common Vulnerabilites and Exposures (CVE) initiative. Each major threat will receive a unique tag, of the form CME-number. Many developers, including Sophos and F-Secure, have started listing the CME identifiers in their virus descriptions.
Virus naming inconsistencies have plagued developers and users for years, and this identifier will not solve the problem, though it might mitigate it. Detractors, including David Perry of Trend Micro, say it might just make things more confusing.