Dear CWE/CAPEC community,

I hope this email finds you well.

The team wanted to make you aware of an upcoming change to our sites. The 
<status> attribute in the top right corner of each CWE or CAPEC entry page is 
going to be removed from view. It will remain in the XML of each entry. We are 
making this change to resolve unintended confusion with respect to CWE/CAPEC 

All entries in CWE and CAPEC go through significant rigor, analysis, and review 
during the entry development process. Entries are not published if there is any 
question as to the utility or value of a CWE or a CAPEC being published. The 
<status> attribute and its values were initially intended as means to track 
completeness and maturity of entries (e.g., if certain entries didn’t contain 
content for certain elements of the schema). The truth is that the updating of 
an entry’s <status> attribute over time was not always consistently done. We 
have learned that this has caused confusion.

Over the past few months we have been regularly engaging with community 
stakeholders in the CWE/CAPEC User Experience Working Group. We learned that 
the <status> attribute is commonly misinterpreted, and that a great deal of 
weight is given at times to what a value of “Draft” or “Incomplete” might 
imply. We held a survey to ask what elements of a CWE or CAPEC are most 
important to our users and found that the <status> attribute was more often 
than not considered important or very important. We heard anecdotes of users 
sharing CAPEC information with system designers who saw a <Draft> value on an 
entry as signifying the information was incomplete and/or ‘not final’.

In sum, we think it best to resolve any miscommunication by removing the 
<status> attribute from each CWE and CAPEC entry when viewed on the websites. 
Again, it will remain in the XML for those who wish to make use of it. The team 
aims to continue resolving instances where an entry has an inaccurate <status> 
value, but this will take place behind the pages themselves. As always you can 
feel confident using any and all content on the CWE/CAPEC sites.

The change will be made on the CWE site to coincide with the release of CWE 4.7 
on April 28.
The change will take effect on the CAPEC site with the publication of CAPEC 3.8 
in Summer 2022.

Thank you for your continued support of the CWE/CAPEC program.


Alec J. Summers
Center for Securing the Homeland (CSH)
Cyber Security Engineer, Principal
Group Lead, Cybersecurity Operations and Integration
MITRE - Solving Problems for a Safer World™

Reply via email to