Hi All,

The CAPEC XML schema will have an additional element when CAPEC 3.6 is released 
later this month.

The new element will be named “Extended_Description”.  Its purpose is to enable 
the description element to contain only a brief summary of the purpose of the 
attack pattern.  Other important information that does not belong in any of the 
existing elements will be included in this new element.

The rationale behind this change is:

  *   The CWE schema contains such an element, and a long term goal of the 
CWE/CAPEC program is to make the schemas similar.
  *   Many CAPEC descriptions are much too long.  This leads to the commonly 
known issue – TL;DR (too long; didn’t read).

Because all CAPECs do not need this element, it will be an optional element.  
That means that the corpus will not become less complete by the addition of 
this element.

The CAPEC team will use this element only for any new or revised entries of 
this release, and will not be revisiting the whole corpus to remedy the 
existing TL;DR descriptions.  This will be a task for a future release.

For those of you which ingest CAPEC content as STIX from 
https://github.com/mitre/cti, the team will be updating that repository with 
the new CAPEC 3.6 content as soon as possible.


Rich Piazza
CAPEC Task Leader
Lead Cyber Security Engineer
The MITRE Corporation


Reply via email to