Data Sharing Program

Data Sharing Program


StopBadware’s Data Sharing Program (DSP) was a program open to companies and institutions that produce feeds of malware URLs and related data. Note that the DSP was discontinued in 2018. The remaining information is included below for historical purposes.

The program was previously open only to StopBadware Partners and non-commercial research institutions. The goal of the DSP is to help security researchers and practitioners more effectively measure and address Web malware by providing access to a wide range of high-quality malware data. These aims are a crucial part of StopBadware’s mission to make the Web safer.

PLEASE NOTE: The DSP does NOT include data from, or contribute data to, our searchable Clearinghouse. It is a completely separate program, and its data is not public.

All program data is shared with other participants who have agreed to the terms of the program and are actively contributing data. StopBadware may also use data to inform our independent review process, to generate aggregated data or research, and to communicate with site owners and service providers (e.g., Web hosting providers) about malware within their zones of control.

To learn more about the program, please contact us.  

How does participation work? 

Participating organizations provide StopBadware with an automated feed of time-stamped malware URLs and associated data. StopBadware typically pulls data from participating companies; data delivery method can be adapted to individual participants. 

Ideal candidates should:

  • Produce a feed of new malicious URLs and related data or produce significant data about known malicious URLs
  • Maintain their own capacity for evaluating potentially bad URLs
  • Commit to sharing data to increase collective knowledge and facilitate takedown/cleanup efforts

What are the program’s data sources?

  • Feeds from participating partner companies (ESET, Fortinet, Internet Identity, Sophos) and research institutions
  • One-off reports from independent security researchers
  • Reports submitted to StopBadware’s URL reporting form by the general public
  • Data from public sources and/or additional sources, as needed

How can participants use shared data?

We want participants to be able to use shared data to make the Web safer, including through improvement of commercial products and services. Restrictions on data use are laid out in detail in StopBadware’s data sharing agreement. Important points include:

  • Shared data is not intended or able to be directly used as a blacklist. Participating companies are required to analyze, vet, or otherwise evaluate all data themselves before incorporating it into another form of output (such as a commercial security product).
  • Data cannot be used to publish comparative analysis of companies’ detection capabilities or blacklists.
  • Data cannot be otherwise shared or published outside these parameters.


Is StopBadware’s Clearinghouse data included in the program?

No. The data in StopBadware’s website Clearinghouse is entirely separate from the DSP and is not shared as part of the program. Our agreements with the companies that contribute data to the Clearinghouse prohibit us from sharing their data.

What is the volume of the shared data?

Typically, a range of 10,000 - 15,000 URLs a day over any given period. We expect this to increase over time.

Can my company evaluate the data before making a decision about participation?

We are not able to share our partners’ data outside the program. It may be possible for StopBadware to share a sample of data from non-partner sources. For more information, please contact us.