Dear CWE/CAPEC community, I hope this email finds you well.
The team wanted to make you aware of an upcoming change to our sites. The <status> attribute in the top right corner of each CWE or CAPEC entry page is going to be removed from view. It will remain in the XML of each entry. We are making this change to resolve unintended confusion with respect to CWE/CAPEC content. All entries in CWE and CAPEC go through significant rigor, analysis, and review during the entry development process. Entries are not published if there is any question as to the utility or value of a CWE or a CAPEC being published. The <status> attribute and its values were initially intended as means to track completeness and maturity of entries (e.g., if certain entries didn’t contain content for certain elements of the schema). The truth is that the updating of an entry’s <status> attribute over time was not always consistently done. We have learned that this has caused confusion. Over the past few months we have been regularly engaging with community stakeholders in the CWE/CAPEC User Experience Working Group. We learned that the <status> attribute is commonly misinterpreted, and that a great deal of weight is given at times to what a value of “Draft” or “Incomplete” might imply. We held a survey to ask what elements of a CWE or CAPEC are most important to our users and found that the <status> attribute was more often than not considered important or very important. We heard anecdotes of users sharing CAPEC information with system designers who saw a <Draft> value on an entry as signifying the information was incomplete and/or ‘not final’. In sum, we think it best to resolve any miscommunication by removing the <status> attribute from each CWE and CAPEC entry when viewed on the websites. Again, it will remain in the XML for those who wish to make use of it. The team aims to continue resolving instances where an entry has an inaccurate <status> value, but this will take place behind the pages themselves. As always you can feel confident using any and all content on the CWE/CAPEC sites. The change will be made on the CWE site to coincide with the release of CWE 4.7 on April 28. The change will take effect on the CAPEC site with the publication of CAPEC 3.8 in Summer 2022. Thank you for your continued support of the CWE/CAPEC program. Cheers, Alec -- Alec J. Summers Center for Securing the Homeland (CSH) Cyber Security Engineer, Principal Group Lead, Cybersecurity Operations and Integration –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™
