The CERT Vulnerability Analysis Project was established to understand the complete behavior of malicious code and other attack tools in order to develop countermeasures or recommend courses of action for combating malicious code that may be used to target or exploit the U.S. Federal Government and/or Critical Infrastructure. To this end, CERT Vulnerability works closely with cyber security experts in the federal government, state/local governments, intelligence community, critical infrastructure owners/operators, public and private sectors.
This CERT Vulnerability is made up of two initiatives that constitute the investment programs: (1) Artifact Analysis/Catalogue ("Artifact Catalogue") and (2) Software Vulnerability collection and strategic analysis ("Software Vulnerability Analysis"). The Artifact Catalogue and the Software Vulnerability Analysis are separate data systems. Artifact Catalogue involves collecting and cataloguing malicious code. This allows computer security professionals to refer to a single source of malicious code analysis; the Software Vulnerability Analysis is focused on sharing analysis with professionals who need to know in public and private sectors.