Hi Avi and Nan, Thanks for you suggestion. I have put in a tracker item for it.
Thanks for your interest in CAPEC. Rich -- Rich Piazza CAPEC Task Leader Lead Cyber Security Engineer The MITRE Corporation 781-271-3760 –––––––––––––––––––––––––––––––––––– MITRE - Solving Problems for a Safer World™ From: Nan MESSE <lunanan4178...@gmail.com> Date: Friday, March 3, 2023 at 10:23 AM To: CAPEC Researcher Discussion <capec-research-list@mitre.org> Cc: Avi Shaked <avi.sha...@cs.ox.ac.uk> Subject: Suggestion to improve CAPEC 37 Dear CAPEC community, We have realized that CAPEC-37 can also be related with CWE-284. Having improper access control can lead to the disclosure of sensitive data embedded within the system (For example, sensitive files, certificates and tokens, etc.). What do you think about it ? Best regards, Avi and Nan