CAPEC - Privacy Policy


Common Attack Pattern Enumeration and Classification A Community Resource for Identifying and Understanding Attacks

Home > About CAPEC > Privacy Policy

Privacy Policy

Introduction

This privacy policy describes:

The type of information that is collected
How the information is used by MITRE
What information may be provided to third parties

Web Site Access Information

All accesses of capec.mitre.org are logged. The following information is recorded for each visitor to the CAPEC Web site: IP address, date and time of access, the requested URL, the referring URL (if provided by the Web browser), and the browser type (if provided by the Web browser).

The IP address and its associated domain name (if any) are used to determine broad demographic information. The IP address may be used to track how users navigate through the CAPEC Web site. Each access of an individual CAPEC identifier and supporting data is also used to gauge user interest.

Web log information may also be provided to limited research groups within MITRE to support research related to the World Wide Web.

The capec.mitre.org Web site only uses cookies for the sole purpose of saving presentation filter selections so users to not have to continuously update the filter to navigate the CAPEC List. However, it may also use cookies in the future to provide more detailed information regarding how users are navigating through the Web site, and to provide additional user functionality. MITRE will notify capec.mitre.org users of this change as outlined in the "Notification of Privacy Changes" section.

Mailing List Subscription Information

MITRE performs due diligence to ensure that subscription information is kept confidential. In addition, all CAPEC-related mailing lists that are sponsored by MITRE are configured to prevent attackers from identifying the subscribers to such mailing lists.

Optional information that subscribers may provide, such as company name, location, or job function, is used to determine broad demographic information regarding the types of users of these mailing lists. Subscribers are not required to provide this information.

Provision of Information to Third Parties

MITRE will not provide any information that identifies specific individuals, e.g., email addresses or IP addresses, to any other organization, except where required by law. MITRE may provide broad demographic information to other organizations.

Due Diligence for Intrusion Detection, Prevention, and Reporting

MITRE performs due diligence to preserve the integrity of the information on the CAPEC Web site. MITRE uses various logging and tracking mechanisms to support the detection, reporting, or recovery from attempted intrusions into capec.mitre.org. MITRE reserves the right to use all available technologies without notice to protect its networks from unauthorized use, and to report attempted intrusions to the appropriate authorities.

Notification of Privacy Changes

If MITRE changes the information that is recorded on capec.mitre.org, or changes the mechanisms by which this information is added, then MITRE will update this privacy statement and send an email notification to available CAPEC-related mailing lists.

More information is available — Please select a different filter.

Page Last Updated or Reviewed: April 04, 2019


	Site Map \| Terms of Use \| Manage Cookies \| Privacy Policy \| Contact Us \| Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. CAPEC is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2007–2023, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.