Mark Kennedy Symantec
Igor Muttik McAfee
False positives (FPs) are a huge problem for security vendors. As much engineering time is spent on reducing FPs as on detecting malware, sometimes more. One of the keys to reducing FPs is to have a solid database of known clean files. This effort is to create just such a database.
FPs don't just affect security vendors, they also affect commercial software developers. When they occur, commercial software developers must go to each security vendor to resolve the issue. By creating a database that is shared by security vendors, commercial developers will need only to work with a single point of contact. They can submit metadata (no files) for their products, and that metadata will be relayed to all security vendors at once.
While the funding mechanism is being developed, it should be little to no cost for commercial software developers (submitters) and a subscription fee to cover the cost of operation will be paid by the security vendors.
This system is in Alpha now, and should be fully operational by the time of the VB conference.
VB2013 takes place 2-4 October 2013 in Berlin, Germany.
The full programme for VB2013, including abstracts for each paper, can be viewed here.
