A Collection of Information Security Community Standardization Activities and Initiatives


The efforts listed on this page are no longer active and have been moved to "Archive" status. They are included here for historical and informational purposes only.

Common Event Expression (CEE), 2007-2013

CEE was developed in 2007 to standardize the way computer events are described, logged, and exchanged. By using CEE’s common language and syntax, enterprise-wide log management, correlation, aggregation, auditing, and incident handling can be performed more efficiently and produce better results than was possible prior to CEE. However, due to changing priorities the U.S. Government organization that sponsored MITRE’s work on CEE decided to stop funding development of CEE in early 2013 to focus on other priorities. As regaining funding is not anticipated, MITRE moved CEE to "Archive" status in May 2013. MITRE does remain open to transition opportunities for CEE — including transferring all CEE specifications, documents, source materials, etc.; transferring all CEE-related intellectual property rights; and pointing this website to a new hosting location — to an organization, group, or individual willing to continue logging standards development in a philosophy similar that of the CEE community. Please contact cee@mitre.org for more information. In the meantime and for informational purposes only, DMTF Cloud Audit and Project Lumberjack are active logging standardization efforts.

Common Malware Enumeration (CME), 2005-2008

CME was developed in 2005 to address the pandemic model of malware in which single, common CME Identifiers (CME-IDs) were assigned to "high-profile threats" in order to reduce public confusion during malware incidents. This community effort was not an attempt to replace the vendor names used for viruses and other forms of malware, but instead to facilitate a shared, neutral indexing capability for malware. However, the changed nature of the malware threat since late 2006 — away from pandemic, widespread threats to more localized, targeted threats — greatly reduced the need for common malware identifiers to mitigate user confusion in the general public. CME was therefore moved to "Archive" status in September 2008 and all related work transitioned to the Malware Attribute Enumeration and Characterization (MAEC™) effort.