Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered vulnerability, the MITRE Engenuity team urges. “Using ATT&CK facilitates making descriptions of impacts and exploitation methods consistent across reports. When used in a vulnerability report, ATT&CK’s tactics and techniques enable defenders to quickly understand how a vulnerability can impact them, helping defenders integrate vulnerability information into their risk models and identify appropriate … Continue reading Mapping ATT&CK techniques to CVEs should make risk assessment easier