OpenCRE icon indicating copy to clipboard operation
OpenCRE copied to clipboard

Published 20 hours ago verified publisher icon OWASP

CRE does not contain the Att&ck framework

Open northdpole opened this issue 2 years ago • 2 comments

Issue

What is the issue?

We are missing the Att&ck framework, it could be used to add more CREs and easily map more tools, code snippets etc. Should be relatively easy to import via https://attack.mitre.org/resources/working-with-attack/

northdpole avatar Apr 05 '22 19:04 northdpole

Let's then go for CAPEC first, as it is oriented towards appsec and not networks - the Att&ck framework is about that. More info: https://capec.mitre.org/about/attack_comparison.html I believe Christian from Core ruleset talked about basing their data on capec as well. CWE 311 has about 12 capecs linked. We need to decide whether we want our users to go to CWE and go to the threats from there, or duplicate the CWE data in our database and present the capecs here. Tough call.

robvanderveer avatar Apr 06 '22 21:04 robvanderveer

capec has been parsed in #212

northdpole avatar May 08 '22 21:05 northdpole