3 Comments

People are the cybersecurity vulnerability whether it's coding, configuration, or behavior, and we spend all our time trying to patch our way out of it with software updates or new tech. Too bad we can't patch people's behavior.

Expand full comment

Ross,

Great post. I find most folks have heard of Mitre ATT&CK, but haven't heard of MITRE CAPEC.

https://capec.mitre.org/about/attack_comparison.html

If you are focusing on application security risks then you should look at Capec. If you are looking at network defense then look at Mitre ATT&CK

Expand full comment

I had no idea it exists myself - thanks Ross!

Expand full comment