CAPEC - Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC List
Full CAPEC Dictionary
Methods of Attack View
Reports

About CAPEC
Documents
Resources

Community
Related Activities
Collaboration List
T-Shirt
Contact Us

News & Events
Calendar
Free Newsletter

Compatibility
Program
Requirements
Participants
Make a Declaration

Search the Site

Status Report

Version 2.0 was released on April 8, 2013, and includes the following: updated the CAPEC XML Document content to conform to the new namespace capabilities in Version 2.5 of the CAPEC Schema. No changes were made to CAPEC content. The CAPEC Schema was updated to Version 2.5 to modify the schema to support namespaces in support of Structured Threat Information eXpression (STIX™) and other external schema using CAPEC’s schema, and to move from Cyber Observable eXpression (CybOX™) Version 1.0 to Version 2.0 for CAPEC Observables. Read the release notes.

CAPEC™ International in scope and free for public use, CAPEC is a publicly available, community-developed list of common attack patterns along with a comprehensive schema and classification taxonomy. Attack patterns are descriptions of common methods for exploiting software systems. They derive from the concept of design patterns applied in a destructive rather than constructive context and are generated from in-depth analysis of specific real-world exploit examples.

To respond effectively, the community needs to think outside of the box and have a firm grasp of the attacker’s perspective and the approaches used to exploit software systems. CAPEC provides this information to the community in order to help enhance security throughout the software development lifecycle and to support the needs of developers, testers, and educators.

Release 2.0 Available

Related Efforts
Cyber Observables (CybOX) Structured Threat Information (STIX) Malware (MAEC) Threat Information Exchange (TAXII)	Vulnerabilities (CVE) Software Weakness Types (CWE) Build Security In (BSI) Making Security Measurable (MSM)

Page Last Updated: May 10, 2013


	CAPEC is co-sponsored by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2007 - 2013, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation. Contact capec@mitre.org for more information.	Privacy policy Terms of use Contact us

Common Attack Pattern Enumeration and Classification

News

Upcoming Events

Status Report