Hi All, The CAPEC XML schema will have an additional element when CAPEC 3.6 is released later this month.
The new element will be named “Extended_Description”. Its purpose is to enable the description element to contain only a brief summary of the purpose of the attack pattern. Other important information that does not belong in any of the existing elements will be included in this new element. The rationale behind this change is: * The CWE schema contains such an element, and a long term goal of the CWE/CAPEC program is to make the schemas similar. * Many CAPEC descriptions are much too long. This leads to the commonly known issue – TL;DR (too long; didn’t read). Because all CAPECs do not need this element, it will be an optional element. That means that the corpus will not become less complete by the addition of this element. The CAPEC team will use this element only for any new or revised entries of this release, and will not be revisiting the whole corpus to remedy the existing TL;DR descriptions. This will be a task for a future release. For those of you which ingest CAPEC content as STIX from https://github.com/mitre/cti, the team will be updating that repository with the new CAPEC 3.6 content as soon as possible. Rich -- Rich Piazza CAPEC Task Leader Lead Cyber Security Engineer The MITRE Corporation 781-271-3760 [cidimage001.png@01D6BCC7.E97F0DA0]