Secure AI
A collaboration with MITRE ATLAS™ to advance security for AI–enabled systems that takes a threat-informed approach, enables rapid exchange of new …
February 13, 2025
Project Summary
Prioritize Known Exploited Vulnerabilities shows defenders how to take a threat informed approach to vulnerability management.
The Prioritize Known Exploited Vulnerabilities mappings are part of our Mappings Explorer program. Use the Mappings Explorer website to navigate, explore, search, and download our mappings of security capabilities to MITRE ATT&CK®.
Problem
Defenders struggle to integrate vulnerability and threat information and lack a consistent view of how adversaries use vulnerabilities to achieve their goals. Without this context, it is difficult to appropriately prioritize vulnerabilities.
Solution
Use the adversary behaviors described in ATT&CK to characterize the impact of a vulnerability. Then, apply that methodology to provide critically needed context to known exploited vulnerabilities.
Impact
CVEs linked to ATT&CK techniques form a crucial contextual bridge between vulnerability management, threat modeling, and compensating controls, empowering defenders to better assess the true risk posed by specific vulnerabilities in their environment.
Funding Research Participants
Explore More of Our Work:
Fight Financial Fraud
The Fight Fraud Framework strengthens fraud analysis by giving teams a clear behavioral structure to identify risks, focus investigations, and …
Ambiguous Techniques
With Ambiguous Techniques, you will reduce false positives, focus on the highest‑value log sources, and uncover adversarial use of …
Stay Informed
Sign up for our "Stay Informed" mailing list to receive announcements for project publications, upcoming events, and other news about the Center.