Thanks for suggesting this. It actually came up as an example in a discussion of the relation between MAEC and SCAP tools on the Handshake group. So, I’m going to cross-post your suggestion to Handshake in case some folks are following that more closely.
I think it looks reasonable, but it would good for others to weigh in. We might also want to think about if referencing CPE makes sense.
From:[hidden email] [mailto:[hidden email]] On Behalf Of Jose Nazario Sent: Friday, February 25, 2011 11:53 AM To: maec-discussion-list Malware Attribute Enumeration Discussion Subject: code signing features - addition request
i'm trying to migrate an automated static analyzer i wrote to output MAEC data. one of the sections the tool does is a signature check (via sigcheck).