The ATT&CK framework should account for the “full gamut of adversary behavior,” says one of the lead cybersecurity engineers who helps maintain the popular document.
MITRE and other "ATT&CK" advocates say the framework is ballooning as a popular way for people performing different roles in cybersecurity to speak the same language.
The industry-wide program for naming and documenting vulnerabilities suffers from fluctuating funding and insufficient oversight, according to a House panel.