3

Vulnerabilities with a CVE usually also have a CWE associated with them, but almost never CAPEC. CWE's site also only very rarely points to related CAPEC items.

Is there a way to find a CVE's related CAPEC items? or a mapping from CWE items to CAPEC items?

CAPEC seems very poorly integrated with other security standards, is CAPEC even wildly accepted in the security community? is there an alternative?

drdrek
  • 165
  • 4

1 Answers1

1

The CAPEC schema contains a field - RelatedWeaknessesType or Related Weaknesses (version 3.0) which references one or more CWE ids related to the specific CAPEC entry. From this appropriate mappings to the according CVEs can be established. For example, CVE-2017-7269 is classified under CWE 119, which in turn is related to CAPEC 100.

SyCode
  • 200
  • 8