Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Mapping CVEs to MITRE ATT&CK Techniques #16

Open
MaurizioCasciano opened this issue Oct 31, 2023 · 2 comments
Open

Mapping CVEs to MITRE ATT&CK Techniques #16

MaurizioCasciano opened this issue Oct 31, 2023 · 2 comments

Comments

@MaurizioCasciano
Copy link

Proposed New Idea/Feature (required)

This feature aims to fill the gap between CVEs and MITRE ATT&CK techniques.

It will allow to map the CPE of an asset/device with the CVEs and the corresponding MITRE ATT&CK techniques;
thus allowing to know/implement the corresponding MITRE ATT&CK Mitigations.

This feature will benefit the software providers of Cyber Risk Assessment tools and all the CVE & MITRE ATT&CK users by providing hints on the possible mitigations to improve their cyber security posture of a particular device.
@JonathanLEvans
Copy link

Support for MITRE ATT&CK mappings was added through the taxonomyMappings object in CVEProject/cve-schema#6.

The only use of it so far seems to be CVE-2023-23770.

@zmanion
Copy link

zmanion commented Oct 6, 2024

So it looks like the schema part of this is complete. If the issue is about performing mappings or developing guidance, that's a bigger lift and I don't believe something the CVE Program is planning to do.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@MaurizioCasciano @zmanion @JonathanLEvans