CAPEC and CWE

This page has been moved to Zendesk. Please, refer to this link for the latest version.

IriusRisk includes the latest CAPEC and CWE libraries as published by MITRE.

CAPEC

The CAPEC library is loaded at application startup time and is accessible in IriusRisk as a "Library".  You can access this library by choosing the "Add Threat From Existing..." item from the Action menu on the Threat tab.  This will allow you to choose the CAPEC library to search through and add the attack as a new threat:

The content from the CAPEC entry is used as the content for the Threat.  Some CAPEC entries also include references to the CWE library, where these exist, IriusRisk automatically imports the CWE entry as a Weakness and also adds HTML links to the CAPEC and CWE entries as "References":

CWE

The CWE library is loaded at application startup and the content can be accessed in a similar way to CAPEC.  But instead of using the "Add Threat from Existing...", you would use the "Add Weakness" option from the Action menu of a specific threat in the threat table.  In the window you can then search for specific CWE entries:

The content from the CWE entry is added directly as a "Weakness":




On this page: