In recent years, Internet infectious epidemics have become one of the major threats to service availability and information security. The infections caused by malicious software, which includes viruses, worms, Trojan horses, rootkits, spyware, malware, and adware, are costing corporations billions of dollars in time and resources, and show no signs of abating.

The security community has taken a great interest in malicious software due to the rise in the number of reported cases of attacks and is exploring methods to reduce damage caused by malicious software. In addition to the various applications that can detect and eradicate viruses, spyware, malware, and adware, security professionals are starting to incorporate the use of more advanced software development tools during the application design process. The end result of making security a key component of the design stage is a reduction in the number of security related bugs, for example buffer-overflow errors are one of the leading exploits. Configuration management applications are also helpful, as they insure that computer systems are kept up-to-date with the latest release of vendor software. Intrusion Detection Systems (IDS), along with network management systems, help isolate the affected systems that have been exploited.

This workshop will focus on the relationship between malicious software and security, specifically how technology is being implemented and utilized to identify, mitigate, and remediate the effects of malicious software. The workshop will also look at the need to facilitate the research and development of the next generation of anti- malicious software procedures to assist in the creation of more robust software.

Previous participants have agreed that past workshops have provided a useful and exciting forum for members of the standards and software development worlds to exchange ideas, opinions, and concerns. Due to community interest in malicious software and the rapidly evolving technologies, this year.s workshop should generate much discussion.

If you are interested in attending please check off the appropriate box on the conference registration form and add the nominal fee of $50 to cover the cost of the workshop, lunch and snack. Position papers are encouraged. To submit a paper, contact Harvey Rubinovitz, Workshop Chair, The MITRE Corporation, M/S S145, 202 Burlington Road, Bedford, Massachusetts 01730; (781) 271-3076; hhr@mitre.org.

Please note that registration for this Workshop does not include registration for any ACSAC sessions.