Home > About CAPEC > Documents  



A number of documents exist to help clarify the historical significance, current use, and future directions of CAPEC.


Schema Documentation

This document, which is posted on the CAPEC List page, contains descriptions of the various elements in the official CAPEC Schema. It provides a basic understanding of the CAPEC data structure and can be used as a useful guide for developing new CAPEC entries or adding content to existing entries. Previous versions of the schema documentation are available in the Release Downloads.

Release Notes

Release notes citing the difference between the current official version of the CAPEC List and CAPEC Schema in comparison to the most previous version are posted on the CAPEC List page. Difference reports for previous releases are available in the Release Downloads.

ATT&CK Comparison

Understanding adversary behavior is increasingly important in cybersecurity. Two approaches exist for organizing knowledge about adversary behavior – CAPEC and ATT&CK, each focused on a specific set of use-cases. This page explains the similarities, differences, and relationship between CAPEC and ATT&CK and the role of each in cybersecurity.

Outreach and Enhancement

CAPEC Introductory Brochure

A brief two-page introduction to the CAPEC effort. February 2013.

PDF (111 KB)

An Introduction to Attack Patterns as a Software Assurance Knowledge Resource

OMG SwA Workshop 2007

PDF (2 MB)

Attack Patterns - Knowing Your Enemies in Order to Defeat Them


Paper - PDF (119 KB)

Slides - PDF (522 KB)

More information is available — Please select a different filter.
Page Last Updated or Reviewed: December 28, 2017