New to CAPEC? Start Here
Home > News > News & Events - 2019 Archive  

News & Events

2019 Archive

CybOnt Added to "CAPEC Organization Usage" Page that Highlights How Vendors Are Using CAPEC

October 22, 2019 | Share this article

The "CAPEC Organization Usage" page highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available).

One new organization added:

CybOnt – CybOnt uses CAPEC to inform its T-Box ontology

To view their complete listing, visit the CAPEC Organization Usage page.

We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you!

Back to top

Synopsys Added to "CAPEC Organization Usage" Page that Highlights How Vendors Are Using CAPEC

October 16, 2019 | Share this article

The "CAPEC Organization Usage" page highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available).

One new organization added:

Synopsys – Synopsys Seeker identifies vulnerability trends against CAPEC and other compliance standards

To view their complete listing, visit the CAPEC Organization Usage page.

We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you!

Back to top

vFeed Added to "CAPEC Organization Usage" Page that Highlights How Vendors Are Using CAPEC

October 1, 2019 | Share this article

The "CAPEC Organization Usage" page highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available).

One new organization added:

vFeed – incorporates CAPEC into a vulnerability intelligence database & feeds

To view their complete listing, visit the CAPEC Organization Usage page.

We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you!

Back to top

CAPEC List Version 3.2 Now Available

September 30, 2019 | Share this article

CAPEC Version 3.2 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 3.1 and Version 3.2.

Version 3.2 includes the addition of two new attack patterns: CAPEC-480: Escaping Virtualization, and CAPEC-497: File Discovery. In addition, 3 Common Attack Pattern Enumeration and Classification (CAPEC™)-to-Common Weakness Enumeration (CWE™) mappings were added, and 125 patterns and 7 categories were updated.

The CAPEC Schema was updated from v3.1 to v3.2 to improve the RelationshipsType documentation and to remove duplicative ViewType documentation.

Summary

There are now 517 total attack patterns listed.

Changes for the new version release include the following:

  • New Attack Patterns Added:
 2
  • Existing Attack Patterns Updated:
 125
  • Attack Patterns Deprecated:
 4
  • Existing Categories Updated:
 7
  • CAPEC-to-CWE Mappings Added:
3
  • CAPEC-to-CWE Mappings Removed:
12

See the complete list of changes at https://capec.mitre.org/data/reports/diff_reports/v3.1_v3.2.html.

Future updates will be noted here, on the CAPEC Research email discussion list, CAPEC page on LinkedIn, and on @cwecapec on Twitter. Please send any comments or concerns to capec@mitre.org.

Back to top

CAIRIS and IriusRisk Added to "CAPEC Organization Usage" Page that Highlights How Vendors Are Using CAPEC

September 30, 2019 | Share this article

The "CAPEC Organization Usage" page highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available).

The two new organizations are:

CAIRIS – open-source design platform for putting attack patterns in context that comes with pre-packaged directories based on CWE and CAPEC
IriusRisk – threat modeling and risk management platform that uses CAPEC to generate a dynamic threat model

View their complete listings and screenshots on the CAPEC Organization Usage page.

We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you!

Back to top

CAPEC Launches "@cwecapec" Twitter Feed

July 1, 2019 | Share this article

Please follow our new Twitter account at https://twitter.com/cwecapec to get the latest CAPEC news and announcements.

Back to top

New "CAPEC Organization Usage" Page Highlights How Organizations Are Using CAPEC

June 26, 2019 (updated September 30, 2019) | Share this article

A new "CAPEC Organization Usage" page in the Community section highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available).

The first three companies listed are:

IBM Security – associating CAPEC attack patterns with real cyber-security incidents
Praetorian – goal-based product security testing using CAPEC
ThreatModeler – ThreatModeler leverages CAPEC within its Centralized Threat Library (CTL)

View their complete listings and screenshots on the CAPEC Organization Usage page. Future additions will be announced here, in the CAPEC Announce e-newsletter, on the CAPEC LinkedIn page, and on @cwecapec on Twitter.

We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you!

Back to top

CAPEC List Version 3.1 Now Available

April 4, 2019 | Share this article

CAPEC Version 3.1 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 3.0 and Version 3.1.

Version 3.1 includes the addition of two new attack patterns: CAPEC-481: Contradictory Destinations in Traffic Routing Schemes, and CAPEC-509: Kerberoasting. Also, a big effort was made to improve the mappings between attack patterns the and weaknesses that are exploited. In total, 161 mappings were changed. Finally, the Domain of Attack view was fixed to enable proper expansion of the graph. The new type was added to the schema to support this.

There are now 519 total attack patterns listed.

Changes for the new version release include the following:

  • New Attack Patterns Added:
 2
  • Existing Attack Patterns Updated:
 175
  • Attack Patterns Deprecated:
 2
  • Existing Categories Updated:
 5
  • CAPEC-to-CWE Mapping Added:
104
  • CAPEC-to-CWE Mapping Removed:
57

See the complete list of changes at https://capec.mitre.org/data/reports/diff_reports/v3.0_v3.1.html.

Comments are welcome on the CAPEC Research Email Discussion List. Future updates will be noted here and on the CAPEC Research list.

Back to top
More information is available — Please select a different filter.
Page Last Updated or Reviewed: January 03, 2020
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.