About the TAG “Certified Against Malware” Program

About the TAG “Certified Against Malware” Program

About the “Certified Against Malware” Program

The Mission of the TAG Certified Against Malware Program is to eliminate the distribution of malware throughout the digital advertising supply chain.

Malware delivered through the advertising ecosystem degrades overall trust in the system by generating a poor consumer experience. Additionally, malware infected machines attack the advertising ecosystem in order to generate money for fraudsters. Because each participant in the ecosystem has visibility into only their subset of the problem, preventing the delivery of malware overall is challenging, resulting in continued attacks on consumers through the various uncoordinated parts of the system.

Establishing a method for coordinating the industry in its defense against malware peddlers is a priority for TAG. By defining a process for sharing information about malware in a manner that is trustworthy, legal, and consumer friendly, TAG can help the industry with a foundation to build a common and effective response to these attackers, thereby safeguarding the consumer from malware.

The Certified Against Malware Program is open to participation by several types of covered parties, including buyers, direct sellers and intermediaries across the digital advertising ecosystem, as well as vendors. Requirements to achieve the TAG “Certified Against Malware” Seal differ according to a company’s role in the supply chain. These requirements are outlined in greater detail in the Certified Against Malware Guidelines.

Certification Requirements:

  • Document appropriate points of contact at partner companies
  • In any new or updated legal agreements, document malware scanning responsibilities
  • Scan a reasonable percentage of total creative inventory
  • Company should have internal procedure around defining Red Flag Events and handling of standard malware incidents
  • Designate an Anti-Malware Primary Contact
  • Establish a formal post-mortem process for Red Flag malware incidents
  • Conduct semi-annual reviews of post-mortems