Add optional CAPEC to vulnerabilities #766
Assignees
Labels
csaf 2.x
Maybe future
Comments
|
@CERT-VDE The comments mailing list is now back online. Please formally announce your suggestion there, e.g. through "Please see our suggest in Github Issue XYZ (https://github.com/oasis-tcs/csaf/issues/XYZ)." Thank you! |
|
During the TC meeting on September 25, 2024, we discussed the prioritization of including CAPEC in CSAF 2.1. The consensus was to consider this for a future release rather than for 2.1. Please share any additional use cases or suggestions for reprioritization in the comments section of this issue. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
It should be possible to add MITREs Common Attack Pattern Enumerations and Classifications (CAPEC) to a vulnerability in CSAF. This field should be optional like it is in CVE entries and may be an array of multiple CAPECs.
This may add information to CSAF advisories that help to asses risks of a vulnerability.
The text was updated successfully, but these errors were encountered: