Common Attack Pattern Enumeration and Classification

News & Events

Current News | Twitter | LinkedIn | YouTube | Podcast | Blog | News Archive

2011 Archive

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Working Group Meeting

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin presented a briefing about CWE, and MAEC Program Manager Penny Chase presented a briefing about MAEC, to the DHS/DoD SwA Working Group Meeting Session on November 28 – December 2, 2011 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Working Group Meeting, November 28 – December 2

CAPEC/CWE Co-Founder and Architect Sean Barnum will present a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin will present a briefing about CWE, and MAEC Program Manager Penny Chase will present a briefing about MAEC, to the DHS/DoD SwA Working Group Meeting Session on November 28 – December 2, 2011 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CybOX/MAEC Briefings at Open Group Security Workshop

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC and Cyber Observable Expression (CybOX) and MAEC Architect Ivan Kirillov presented a briefing about Malware Attribute Enumeration and Characterization (MAEC) at Open Group Security Workshop on November 16, 2011 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/SwA Briefing at U.S Coast Guard Operations Systems Center

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC/CWE/SwA at the Operations Systems Center of the U.S. Coast Guard on November 15, 2011 in Kearneysville, West Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CWE/SANS Top 25 Briefing at Massachusetts Institute of Technology

CWE/CAPEC Program Manager Robert A. Martin presented a briefing about the CWE/SANS Top 25 Most Dangerous Software Errors List as part of MIT's "Architecting Software Systems - Applied Cyber/Physical Security Speaker" series at the Massachusetts Institute of Technology (MIT) on November 15, 2011 in Cambridge, Massachusetts, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing and Open Architecture Panel Discussion at Defense Daily Open Architecture Summit 2011

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC and participated on discussion panel entitled "DHS Enterprise and Open Architecture" at Defense Daily Open Architecture Summit 2011 on November 9, 2011 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing and Panel Discussion at Defense Daily Open Architecture Summit 2011, November 9

CAPEC/CWE Co-Founder and Architect Sean Barnum will present a briefing about CAPEC and participate on discussion panel entitled "DHS Enterprise and Open Architecture" at Defense Daily Open Architecture Summit 2011 on November 9, 2011 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC and CybOX Briefings at Open Group Security Workshop, November 16

CAPEC/CWE Co-Founder and Architect Sean Barnum will present a briefing about CAPEC and Cyber Observable Expression (CybOX) at Open Group Security Workshop on November 9, 2011 in Washington, D.C., USA.

Visit the CAPEC Calendar for information on this and other events.

CybOX/CWE/MAEC/SwA Workshops and CAPEC/Making Security Measurable Booth at IT Security Automation Conference 2011

Cyber Observable Expression (CybOX), CWE, CWRAF, CCR, MAEC, and Making Security Measurable were discussion topics at the U.S. National Institute of Standards and Technology's (NIST) 7th Annual IT Security Automation Conference on October 31 – November 2, 2011 in Arlington, Virginia, USA. The CAPEC Team also contributed to the CybOX, CWE, CWRAF, CCR, and SwA-related workshops, and MITRE hosted a CAPEC/Making Security Measurable booth.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/SwA Briefings at Industrial Control Systems Joint Working Group 2011 Fall Conference

CAPEC/CWE Program Manager Robert A. Martin and Deputy Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Richard J. Struse presented briefings about CWE, CAPEC, and Software Assurance (SwA) at Industrial Control Systems Joint Working Group 2011 Fall Conference on October 24-27, 2011 in Long Beach, California, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/SwA Briefings at Industrial Control Systems Joint Working Group 2011 Fall Conference, October 24-27

CAPEC/CWE Program Manager Robert A. Martin and Deputy Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Richard J. Struse will present briefings about CWE, CAPEC, and Software Assurance (SwA) at Industrial Control Systems Joint Working Group 2011 Fall Conference on October 24-27, 2011 in Long Beach, California, USA.

Visit the CAPEC Calendar for information on this and other events.

CybOX/CWE/MAEC/SwA Workshops at IT Security Automation Conference 2011, October 31 – November 2

Cyber Observable Expression (CybOX), CWE, CWRAF, CCR, MAEC, and Making Security Measurable will be discussion topics at the U.S. National Institute of Standards and Technology's (NIST) 7th Annual IT Security Automation Conference on October 31 – November 2, 2011 in Arlington, Virginia, USA. The CAPEC Team is also scheduled to contribute to the CybOX, CWE, CWRAF, CCR, and SwA-related workshops, and MITRE will host a CAPEC/Making Security Measurable booth.

The main purpose of the conference is to discuss Security Content Automation Protocol (SCAP) and "strategies for implementing continuous monitoring, using security automation tools and technologies to ease the technical burdens of policy compliance, and innovated uses of automation across the enterprise in both government and industry applications". SCAP uses the CVE, CCE, CPE, OVAL, XCCDF, and CVSS community standards to enable "automated vulnerability management, measurement, and policy compliance evaluation."

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/Software Assurance Briefings at (ISC)² Security Congress 2011

CAPEC/CWE Program Manager Robert A. Martin presented a briefing entitled "How to Measure Software Security"; Michele Moss, CISSP, CSSLP, and lead associate at Booz Allen Hamilton, Inc. presented a briefing entitled "Why Do Developers Make Dangerous Software Errors?"; and Paul Nguyen, CISSP, CISA, CGEIT, and vice president of cyber solutions for Knowledge Consulting Group presented a briefing entitled "Improve Your SDLC with CAPEC and CWE" at (ISC)² Security Congress 2011 on September 19-21, 2011 at Orange County Convention Center in Orlando, Florida, USA.

In addition, Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek participated in a Software Assurance wrap-up discussion panel.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefing and Making Security Measurable Briefing at Software Assurance Enabling Reliability, Resilience, Robustness, and Security Workshop

CAPEC/CWE Program Manager Robert A. Martin presented a CAPEC/CWE/MAEC briefing and a Making Security Measurable briefing at Software Assurance Enabling Reliability, Resilience, Robustness, and Security Workshop on September 26, 2011 in Linthicum Heights, Maryland, USA.

In addition, Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek presented a Software Assurance briefing.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/Software Assurance Briefings at (ISC)² Security Congress 2011, September 19-21

CAPEC/CWE Program Manager Robert A. Martin will present a briefing entitled "How to Measure Software Security"; Michele Moss, CISSP, CSSLP, and lead associate at Booz Allen Hamilton, Inc. will present a briefing entitled "Why Do Developers Make Dangerous Software Errors?"; and Paul Nguyen, CISSP, CISA, CGEIT, and vice president of cyber solutions for Knowledge Consulting Group will present a briefing entitled "Improve Your SDLC with CAPEC and CWE" at (ISC)² Security Congress 2011 on September 19-21, 2011 at Orange County Convention Center in Orlando, Florida, USA.

In addition, Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek will participate in a Software Assurance wrap-up discussion panel.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefing and Making Security Measurable Briefing at Software Assurance Enabling Reliability, Resilience, Robustness, and Security Workshop, September 26

CAPEC/CWE Program Manager Robert A. Martin will present a CAPEC/CWE/MAEC briefing and a Making Security Measurable briefing at Software Assurance Enabling Reliability, Resilience, Robustness, and Security Workshop on September 26, 2011 in Linthicum Heights, Maryland, USA.

In addition, Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek will present a Software Assurance briefing.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefing and Making Security Measurable Briefing at GFIRST 2011

CAPEC/CWE Program Manager Robert A. Martin, CAPEC/CWE Co-Founder and Architect Sean Barnum, and MAEC Program Manager Penny Chase presented a CAPEC/CWE/MAEC briefing and a Making Security Measurable at GFIRST National Conference 2011 on August 8-12, 2011 at the Gaylord Opryland Hotel & Convention Center in Nashville, Tennessee, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefing and Making Security Measurable Briefing at GFIRST 2011, August 8-12

CAPEC/CWE Program Manager Robert A. Martin, CAPEC/CWE Co-Founder and Architect Sean Barnum, and MAEC Program Manager Penny Chase will present a CAPEC/CWE/MAEC briefing and a Making Security Measurable at GFIRST National Conference 2011 on August 8-12, 2011 at the Gaylord Opryland Hotel & Convention Center in Nashville, Tennessee, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/Making Security Measurable Booth at Black Hat Briefings 2011

MITRE hosted a CAPEC/Making Security Measurable booth at Black Hat Briefings 2011 on August 3-4, 2011 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Attendees learned how the CWE, CAPEC, MAEC, CVE, CCE, CPE, CEE, OVAL, etc., information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/Making Security Measurable Booth at Black Hat Briefings 2011

MITRE will host a CAPEC/Making Security Measurable booth at Black Hat Briefings 2011 on August 3-4, 2011 at Caesars Palace Las Vegas in Las Vegas, Nevada, USA. Please visit us at Booth 307 and say hello!

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Working Group Meeting

CAPEC/CWE Co-Founder and Architect Sean Barnum and CAPEC/CWE Program Manager Robert A. Martin presented briefings about the Top 25, CWE, CWSS, CWRAF, CAPEC, MAEC, CybOX, SAFES, and CEE to the DHS/DoD SwA Working Group Meeting Session on June 28-30, 2011 at MITRE Corporation in McLean, Virginia, USA.

MITRE also hosted a press conference at the event for the release of the 2011 CWE/SANS Top 25 Software Errors list, which resulted in extensive news coverage.

Visit the CAPEC Calendar for information on this and other events.

Briefing Slides from Security Automation Developer Days 2011 Now Available

21 briefing presentations from the sessions at the Security Automation Developer Days 2011 conference on June 14-17, 2011 at MITRE in Bedford, Massachusetts, USA are now available for download on the Events & Participation page on the Making Security Measurable Web site.

Agenda Now Available for MITRE's Security Automation Developer Days 2011 on June 14-17

The agenda for MITRE's free Security Automation Developer Days 2011 conference scheduled for June 14-17, 2011 at MITRE in Bedford, Massachusetts, USA is now available at https://register.mitre.org/devdays/agenda.pdf.

For registration, lodging, and other conference details please visit the conference registration page.

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Working Group Meeting, June 28-30

CAPEC/CWE Co-Founder and Architect Sean Barnum will present a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin will present a briefing about CWE, and MAEC Program Manager Penny Chase will present a briefing about MAEC, to the DHS/DoD SwA Working Group Meeting Session on June 28-30, 2011 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Tutorial and Software Assurance Panel Discussion at Systems & Software Technology Conference 2011

CAPEC/CWE Program Manager Robert A. Martin and CAPEC/CWE Co-Founder and Architect Sean Barnum presented a CWE/CAPEC tutorial entitled "Understanding System Weaknesses and How They Could Be Attacked" and participated on a Software Assurance discussion panel at Systems & Software Technology Conference 2011 on May 16-19, 2011 in Salt Lake City, Utah, USA.

In addition, Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek presented a briefing entitled "Resilient Software: Security Automation and Measurement Enablers" on May 18th.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Tutorial and Software Assurance Panel Discussion at Systems & Software Technology Conference 2011, May 16-19

CAPEC/CWE Program Manager Robert A. Martin and CWE/CAPEC Co-Founder and Architect Sean Barnum will present a CWE/CAPEC tutorial entitled "Understanding System Weaknesses and How They Could Be Attacked" and participate on a Software Assurance discussion panel at Systems & Software Technology Conference 2011 on May 16-19, 2011 in Salt Lake City, Utah, USA.

In addition, Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek will present a briefing entitled "Resilient Software: Security Automation and Measurement Enablers" on May 18th.

Visit the CAPEC Calendar for information on this and other events.

MITRE to Host Security Automation Developer Days 2011 on June 14-17

MITRE Corporation will host the third Security Automation Developer Days conference on June 14-17, 2011 at MITRE in Bedford, Massachusetts, USA. This four-day conference is technical in nature and will focus on the U.S. National Institute of Standards and Technology’s (NIST) Security Content Automation Protocol (SCAP) and the existing community standards on which it is based.

An agenda will be available soon. For registration, lodging, and other conference details please visit https://register.mitre.org/devdays/.

MITRE Hosts CAPEC/Making Security Measurable Booth at InfoSec World 2011

MITRE hosted a CAPEC/Making Security Measurable booth at InfoSec World Conference & Expo 2011 at Disney's Contemporary Resort in Orlando, Florida, USA, on April 19-21, 2011. Attendees learned how the CWE, CAPEC, MAEC, CVE, OVAL, CCE, CPE, CEE, etc. information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Included in Department of Homeland Security’s Enabling Distributed Security in Cyberspace White Paper

CAPEC was included in the U.S. Department of Homeland Security (DHS) Enabling Distributed Security in Cyberspace white paper published on March 23, 2011 on the DHS Web site Blog. The main topic of the white paper is "how prevention and defense can be enhanced through three security building blocks: automation, interoperability, and authentication. If these building blocks were incorporated into cyber devices and processes, cyber stakeholders would have significantly stronger means to identify and respond to threats — creating and exchanging trusted information and coordinating courses of action in near real time."

The paper defines Interoperability as already being "enabled through an approach that has been refined over the past decade by many in industry, academia, and government. It is an information-oriented approach, generally referred to as [cyber] security content automation …" and is comprised of (1) Enumerations "of the fundamental entities of cybersecurity" and lists CVE, CCE, CPE, CWE, and CAPEC; (2) Languages and Formats that "incorporate enumerations and support the creation of machine-readable security state assertions, assessment results, audit logs, messages, and reports" and lists OVAL, CEE, and MAEC; and (3) Knowledge Repositories that "contain a broad collection of best practices, benchmarks, profiles, standards, templates, checklists, tools, guidelines, rules, and principles, among others" that are based upon or incorporate data from these standards.

The paper also states that these eight established community enumeration and language standards that have been in use within the community for years can be further leveraged moving forward because they are "standards [that] build upon themselves to expand functionality over time", and projections of that expanding utility are provided through 2014.

The white paper is available to view or download at http://www.dhs.gov/xlibrary/assets/nppd-cyber-ecosystem-white-paper-03-23-2011.pdf.

MITRE to Host CAPEC/Making Security Measurable Booth at InfoSec World 2011, April 19-21

MITRE will host a CAPEC/Making Security Measurable booth at InfoSec World Conference & Expo 2011 at Disney’s Contemporary Resort in Orlando, Florida, USA, on April 19-21, 2011.

Members of the CAPEC Team will be in attendance. Please stop by Booth 307 and say hello!

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE Briefing and Software Assurance Panel at Quality Engineered Software and Testing (QUEST) Conference

CAPEC/CWE Program Manager Robert A. Martin presented a briefing about CWE/CAPEC and participated on a panel discussion entitled "Software Assurance: Enabling Quality Assurance to Better Address Software Security and Resilience" at the Quality Engineered Software and Testing (QUEST) Conference on April 6, 2011 in Boston, Massachusetts, USA. The discussion panel was moderated by Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing at ISSA NOVA Monthly Meeting

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC on March 17, 2011 at Information Systems Security Association (ISSA)'s Northern Virginia Chapter (NOVA) Monthly Meeting in Fairfax, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing at the ISSA NOVA Monthly Meeting, March 17

CAPEC/CWE Co-Founder and Architect Sean Barnum will present a briefing about CAPEC on March 17, 2011 at Information Systems Security Association (ISSA)'s Northern Virginia Chapter (NOVA) Monthly Meeting in Fairfax, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

CAPEC Briefing and Making Security Measurable Booth at 2011 Information Assurance Symposium

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC entitled "The Balance of Secure Development and Secure Operations in the Software Security Equation" at the 2011 Information Assurance Symposium in Nashville, Tennessee, USA, on March 8-10, 2011.

In addition, MITRE hosted a Making Security Measurable booth during the expo portion of the event. Attendees learned how information security data standards such as CWE, CAPEC, MAEC, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Forum

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin present a briefing about CWE, and MAEC Program Manager Penny Chase presented a briefing about MAEC to the DHS/DoD/NIST SwA Forum on February 28 – March 4, 2011 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.

MITRE Hosts CAPEC/Making Security Measurable Booth at RSA 2011

MITRE hosted a CAPEC/Making Security Measurable booth at RSA 2011 at the Moscone Center in San Francisco, California, USA, on February 14-18, 2011. Attendees learned how information security data standards such as CWE, CAPEC, MAEC, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Making Security Measurable booth photos:

Visit the CAPEC Calendar for information on this and other events.

Software Assurance Keynote at International Conference on Software Quality

Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek presented a Keynote entitled "Software Assurance: Building in Security as a Requisite Enabler for Safety Critical Software" at the International Conference on Software Quality on February 8, 2011 in San Diego, California, USA. There was also a Making Security Measurable table booth during the expo portion of the event, which ran February 8-10.

Visit the CAPEC Calendar for information on this and other events.

Software Assurance Keynote at International Conference on Software Quality, February 8

Director for Software Assurance at U.S. Department of Homeland Security (DHS) National Cyber Security Division (NCSD) Joe Jarzombek will present a Keynote entitled "Software Assurance: Building in Security as a Requisite Enabler for Safety Critical Software" at the International Conference on Software Quality on February 8, 2011 in San Diego, California, USA.

There will also be a Making Security Measurable table booth during the expo portion of the event, which runs February 8-10.

Visit the CAPEC Calendar for information on this and other events.

MITRE to Host CAPEC/Making Security Measurable Booth at RSA 2011, February 14-18

MITRE will host a CAPEC/Making Security Measurable at RSA 2011 at the Moscone Center in San Francisco, California, USA, on February 14-18, 2011. Attendees will learn how information security data standards such as CWE, CAPEC, MAEC, etc., facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Members of the CAPEC Team will be in attendance. Please stop by Booth 2617 and say hello!

Visit the CAPEC Calendar for information on this and other events.

CAPEC/Making Security Measurable Booth at Black Hat DC 2011

MITRE hosted a CAPEC/Making Security Measurable booth at Black Hat DC 2011, on January 18-19, 2011 in Arlington, Virginia, USA. Attendees learned how information security data standards facilitate both effective security process coordination and the use of automation to assess, manage, and improve the security posture of enterprise security information infrastructures.

Visit the CAPEC Calendar for information on this and other events.

MITRE Announces Initial "Making Security Measurable" Calendar of Events for 2011

MITRE has announced its initial Making Security Measurable calendar of events for 2011. Details regarding MITRE's scheduled participation at these events are noted on the CAPEC Calendar page. Each listing includes the event name with URL, date of the event, location, and a description of our activity at the event.

Other events may be added throughout the year. Visit the CAPEC Calendar for information or contact capec@mitre.org to have MITRE present a briefing or participate in a panel discussion about CAPEC, CWE, MAEC, CVE, CCE, CPE, CEE, OVAL, Software Assurance, and/or Making Security Measurable at your event.

CAPEC/CWE/MAEC Briefings at DHS/DoD/NIST SwA Working Group Meeting

CAPEC/CWE Co-Founder and Architect Sean Barnum presented a briefing about CAPEC, CWE/CAPEC Program Manager Robert A. Martin presented briefings about CWE, and MAEC Program Manager Penny Chase presented a briefing about MAEC to the DHS/DoD SwA Working Group Meeting Session on December 14-16, 2010 at MITRE Corporation in McLean, Virginia, USA.

Visit the CAPEC Calendar for information on this and other events.