New to CAPEC? Start Here
Home > CAPEC List > CAPEC-685: Development and Production (Version 3.9)  

CAPEC CATEGORY: Development and Production

Category ID: 685
 
+ Summary
Attack patterns within this category focus on the exploitation of weaknesses within the Development and Production phase of the CISA Supply Chain Lifecycle.
+ Membership
NatureTypeIDName
MemberOfViewView - A view in CAPEC represents a perspective with which one might look at the collection of attack patterns defined within CAPEC. There are three different types of views: graphs, explicit slices, and implicit slices.683Supply Chain Risks
HasMemberStandard Attack PatternStandard Attack Pattern - A standard level attack pattern in CAPEC is focused on a specific methodology or technique used in an attack. It is often seen as a singular piece of a fully executed attack. A standard attack pattern is meant to provide sufficient details to understand the specific technique and how it attempts to accomplish a desired goal. A standard level attack pattern is a specific type of a more abstract meta level attack pattern.444Development Alteration
HasMemberMeta Attack PatternMeta Attack Pattern - A meta level attack pattern in CAPEC is a decidedly abstract characterization of a specific methodology or technique used in an attack. A meta attack pattern is often void of a specific technology or implementation and is meant to provide an understanding of a high level approach. A meta level attack pattern is a generalization of related group of standard level attack patterns. Meta level attack patterns are particularly useful for architecture and design level threat modeling exercises.690Metadata Spoofing
+ References
[REF-718] "Supply Chain Risks for Information and Communication Technology". Cyber and Infrastructure Security Agency (CISA). 2018-12. <https://www.cisa.gov/sites/default/files/publications/19_0424_cisa_nrmc_supply-chain-risks-for-information-and-communication-technology.pdf>. URL validated: 2022-07-26.
+ Content History
Submissions
Submission DateSubmitterOrganization
2022-09-29
(Version 3.8)
CAPEC Content TeamThe MITRE Corporation
Modifications
Modification DateModifierOrganization
2023-01-24
(Version 3.9)
CAPEC Content TeamThe MITRE Corporation
Updated Relationships
More information is available — Please select a different filter.
Page Last Updated or Reviewed: September 29, 2022
 

Use of the Common Attack Pattern Enumeration and Classification (CAPEC), and the associated references from this website are subject to the Terms of Use. Copyright © 2007–2024, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.