pytm – uses CAPEC in its threat library.
News & Events2020 ArchiveCAPEC List Version 3.4 Now Available December 17, 2020 | Share this article CAPEC Version 3.4 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 3.3 and Version 3.4. Version 3.4 includes:
The CAPEC Schema was updated from v3.3 to v3.4 to replace “WASCv2” with “WASC” in TaxonomyNameEnumeration, and add "OWASP Attacks" to TaxonomyNameEnumeration. Summary There are now 527 total attack patterns listed. Changes for the new version release include the following:
See the complete list of changes at https://capec.mitre.org/data/reports/diff_reports/v3.3_v3.4.html. Future updates will be noted here, on the CAPEC Research email discussion list, CAPEC page on LinkedIn, and on @cwecapec on Twitter. Please contact us with any comments or concerns. pytm Added to “CAPEC Organization Usage” Page that Highlights How Vendors Are Using CAPEC August 25, 2020 | Share this article The “CAPEC Organization Usage” page highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available). One new organization added: To view the complete listing, visit the CAPEC Organization Usage page. We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you! CAPEC List Version 3.3 Now Available July 30, 2020 | Share this article CAPEC Version 3.3 has been posted on the CAPEC List page. A detailed report is available that lists specific changes between Version 3.2 and Version 3.3. Version 3.3 includes the addition of seven new attack patterns: CAPEC-508: Shoulder Surfing, CAPEC-565: Password Spraying, CAPEC-655: Avoid Security Tool Identification by Adding Data, and as part of reorganization of the CAPEC-560 subtree, CAPEC-600: Credential Stuffing, CAPEC-652: Use of Known Kerberos Credentials, CAPEC-653: Use of Known Windows Credentials, and CAPEC-654: Credential Prompt Impersonation. In addition, 152 CAPEC-to-CWE (Common Weakness Enumeration) mappings were added, and 245 patterns and 4 categories were updated. CWE versions 4.0 and 4.1 added 72 Hardware CWEs, 49 of which were mapped to CAPEC Entries in CAPEC Version 3.3. Some CAPEC Entries were enhanced to fully understand the mapping. One new software CWE was also mapped. These mappings help inform a tighter integration between CWE and CAPEC. The CAPEC Schema was updated from v3.2 to v3.3 to change AttackPatternType/Description, AudienceType/Description, IndicatorsType/Indicator, and PrerequisitesType/Prerequisite to StructuredTextType. Summary There are now 524 total attack patterns listed. Changes for the new version release include the following:
See the complete list of changes at https://capec.mitre.org/data/reports/diff_reports/v3.2_v3.3.html. Future updates will be noted here, on the CAPEC Research email discussion list, CAPEC page on LinkedIn, and on @cwecapec on Twitter. Please contact us with any comments or concerns. VERDICT Added to “CAPEC Organization Usage” Page that Highlights How Vendors Are Using CAPEC July 30, 2020 | Share this article The “CAPEC Organization Usage” page highlights how organizations are actively using CAPEC in their products. Each listing includes the company name, a summary statement of use, brief description, and a screen shot (when available). One new organization added: VERDICT – uses CAPEC to generate fault and attack/defense trees for analyzing safety and security of architectural models and mission scenarios
To view the complete listing, visit the CAPEC Organization Usage page. We encourage any organization currently using CAPEC to contact us to be added to this page. We look forward to hearing from you! New CWE/CAPEC Board Includes Representatives from IT and Cybersecurity Communities July 20, 2020 | Share this article CAPEC has established a new CWE/CAPEC Board comprised of representatives from commercial hardware and software vendors, academia, government departments and agencies, and other prominent security experts that will set and promote the goals and objectives of the Common Weakness Enumeration (CWE™)/Common Attack Pattern Enumeration and Classification (CAPEC™) Program. Members of the CWE/CAPEC Board will work with each other and the community to advise and advocate for the CWE/CAPEC Program. Through open and collaborative discussions, board members will provide critical input regarding domain coverage, coverage goals, operating structure, and strategic direction. All Board Meetings and Board Email List Discussions will be archived for the community. The newly established Board includes representatives from the following organizations: Cloud Security Alliance, Consortium for IT Software Quality (CISQ), Cybersecurity and Infrastructure Security Agency (CISA), GrammaTech, Intel, Micro Focus, MITRE (CWE/CAPEC Board Moderator), National Institute of Standards and Technology (NIST), Open Web Application Security Project (OWASP), SANS, Synopsys, Tortuga Logic, Università degli Studi di Milano - Bicocca, and Veracode. Visit the CWE/CAPEC Board page to learn more and/or to view the complete list of members. More information is available — Please select a different filter. |
