Open MaurizioCasciano opened 1 year ago
Support for MITRE ATT&CK mappings was added through the taxonomyMappings object in https://github.com/CVEProject/cve-schema/pull/6.
The only use of it so far seems to be CVE-2023-23770.
So it looks like the schema part of this is complete. If the issue is about performing mappings or developing guidance, that's a bigger lift and I don't believe it is something the CVE Program is planning to do.
Proposed New Idea/Feature (required)
This feature aims to fill the gap between CVEs and MITRE ATT&CK techniques.
It will allow mapping the CPE of an asset/device with the CVEs and the corresponding MITRE ATT&CK techniques, thus allowing users to know/implement the corresponding MITRE ATT&CK Mitigations.
This feature will benefit the software providers of Cyber Risk Assessment tools and all the CVE & MITRE ATT&CK users by providing hints on the possible mitigations to improve the cyber security posture of a particular device.
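Added example, not part of the issue thread or of the CVE Project's code: a sketch of how a risk-assessment tool could read ATT&CK technique IDs from the taxonomyMappings object mentioned above. The record is constructed (placeholder CVE ID), the field names follow the CVE JSON 5 record format as understood here, and matching the free-text taxonomy name on "ATT&CK" is an assumption.

```python
import json
import re

# Constructed sample record, not a real CVE. Field names are assumed to follow
# the taxonomyMappings object of the CVE JSON 5 record format.
SAMPLE_RECORD = json.loads("""
{
  "cveMetadata": {"cveId": "CVE-1900-0001"},
  "containers": {"cna": {"taxonomyMappings": [
    {"taxonomyName": "ATT&CK", "taxonomyVersion": "v13",
     "taxonomyRelations": [
       {"taxonomyId": "T1190", "relationshipName": "exploited via",
        "relationshipValue": "CVE-1900-0001"},
       {"taxonomyId": "not-a-technique", "relationshipName": "exploited via",
        "relationshipValue": "CVE-1900-0001"}]},
    {"taxonomyName": "CAPEC", "taxonomyRelations": [
       {"taxonomyId": "CAPEC-66", "relationshipName": "related to",
        "relationshipValue": "CVE-1900-0001"}]}
  ]}}
}
""")

# ATT&CK technique IDs look like T1190, or T1059.001 for a sub-technique.
TECHNIQUE_ID = re.compile(r"T\d{4}(\.\d{3})?")


def attack_techniques(record):
    """Return the sorted ATT&CK technique IDs mapped in the CNA container."""
    cna = record.get("containers", {}).get("cna", {})
    found = set()
    # taxonomyMappings is optional, so a record without it yields no techniques.
    for mapping in cna.get("taxonomyMappings", []):
        # Assumption: the free-text taxonomy name contains "ATT&CK".
        if "att&ck" not in mapping.get("taxonomyName", "").lower():
            continue  # other taxonomies (e.g. CAPEC) are out of scope here
        for rel in mapping.get("taxonomyRelations", []):
            tid = str(rel.get("taxonomyId", "")).strip()
            # Drop malformed IDs rather than pass them on to a mitigation lookup.
            if TECHNIQUE_ID.fullmatch(tid):
                found.add(tid)
    return sorted(found)


if __name__ == "__main__":
    print(SAMPLE_RECORD["cveMetadata"]["cveId"], attack_techniques(SAMPLE_RECORD))
```

The returned technique IDs are the keys a tool would then use to look up ATT&CK Mitigations; only the CNA container is read here.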