This article has been indexed from Help Net Security
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered vulnerability, the MITRE Engenuity team urges. “Using ATT&CK facilitates making descriptions of impacts and exploitation methods consistent across reports. When used in a vulnerability report, ATT&CK’s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them, helping defenders integrate vulnerability information into their risk models and identify appropriate … More
The post Mapping ATT&CK techniques to CVEs should make risk assessment easier appeared first on Help Net Security.
Read the original article: Mapping ATT&CK techniques to CVEs should make risk assessment easier