Hi Avi and Nan,
Thanks for you suggestion. I have put in a tracker item for it.
Thanks for your interest in CAPEC.
Rich
--
Rich Piazza
CAPEC Task Leader
Lead Cyber Security Engineer
The MITRE Corporation
781-271-3760
––––––––––––––––––––––––––––––––––––
MITRE - Solving Problems for a Safer World™
From: Nan MESSE <lunanan4178...@gmail.com>
Date: Friday, March 3, 2023 at 10:23 AM
To: CAPEC Researcher Discussion <capec-research-list@mitre.org>
Cc: Avi Shaked <avi.sha...@cs.ox.ac.uk>
Subject: Suggestion to improve CAPEC 37
Dear CAPEC community,
We have realized that CAPEC-37 can also be related with CWE-284. Having
improper access control can lead to the disclosure of sensitive data
embedded within the system (For example, sensitive files, certificates
and tokens, etc.).
What do you think about it ?
Best regards,
Avi and Nan
