Cyber Resilience

Cross-walk release · 10 June 2026

CAPEC ↔ CWE

A two-way mapping between CAPEC and CWE: 1039 related pairs, 2078 directional rows, LLM-authored (covers / exploits · covers / enables) and human-QA’d (cohort bulk_after_review_2026_06_08 where applicable). ← all releases

The original mapping — and where we differ

The authoritative reference is MITRE CAPEC↔CWE bridge (Related_Attack_Patterns), a one-way mapping. We compared our two-way reading against it on a pair-presence basis (do we relate the same two entities at all?):

Authoritative pairs1212
Agreement (we relate it too)993
Conflict (authority relates it, we found no link) 219
Addition (we relate it, authority omits) 0

Authority maps, we found no link: CAPEC-1 ↔ CWE-1191; CAPEC-1 ↔ CWE-1193; CAPEC-1 ↔ CWE-1297; CAPEC-1 ↔ CWE-1311; CAPEC-1 ↔ CWE-1315; CAPEC-1 ↔ CWE-1318

Reliability

CAPEC → CWECWE → CAPEC
Completeness (full + mostly) 3.2% 84.9%
Scope — no counterpart (none) 7.9% 14.3%
Counterpart coverage 431 mapped 294 mapped
Reverse-presence (bidirectionality) 89.2%
Extent-rank correlation (forward vs reverse) 0.381

Completeness = share of present edges rated full or mostly. Scope = share of pairs with no coverage in that direction (a high value flags entities the other framework doesn’t reach). Reverse-presence = of forward mappings, how many also map back.

Abstraction

CAPECCWE
Breadth (avg counterparts per entity) 2.323.31
Depth (avg coverage strength, 0–3) 1.042.52

Verdict: CWE sits at a higher level of abstraction (fans out more).

CWE abstraction: Base 185, Class 50, Variant 46, Pillar 7, Compound 6

Raw data

Download the full mapping (every directional edge + the metrics block): JSON · CSV · XLSX

JSON is full-fidelity; CSV is one row per directional edge; XLSX has edges / metrics / diff sheets.