New to CAPEC? Start Here
Home > CAPEC List > CAPEC-685: Development and Production (Version 3.9)  

CAPEC CATEGORY: Development and Production

Category ID: 685
 
+ Summary
Attack patterns within this category focus on the exploitation of weaknesses within the Development and Production phase of the CISA Supply Chain Lifecycle.
+ Membership
NatureTypeIDName
MemberOfViewView - A view in CAPEC represents a perspective with which one might look at the collection of attack patterns defined within CAPEC. There are three different types of views: graphs, explicit slices, and implicit slices.683Supply Chain Risks
HasMemberStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.444Development Alteration
HasMemberMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.690Metadata Spoofing
+ References
[REF-718] "Supply Chain Risks for Information and Communication Technology". Cyber and Infrastructure Security Agency (CISA). 2018-12. <https://www.cisa.gov/sites/default/files/publications/19_0424_cisa_nrmc_supply-chain-risks-for-information-and-communication-technology.pdf>. URL validated: 2022-07-26.
+ Content History
Submissions
Submission DateSubmitterOrganization
2022-09-29
(Version 3.8)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2023-01-24
(Version 3.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
More information is available — Please select a different filter.
Page Last Updated or Reviewed: September 29, 2022
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.