CWE ↔ MITRE ATT&CK
A two-way mapping between CWE and
MITRE ATT&CK: 359 related pairs, 718 directional
rows, LLM-authored (covers / enables · covers / exploits) and human-QA’d
(cohort bulk_after_review_2026_06_08 where applicable).
← all releases
The original mapping — and where we differ
The authoritative reference is MITRE CWE→CAPEC→ATT&CK bridge, a one-way mapping. We compared our two-way reading against it on a pair-presence basis (do we relate the same two entities at all?):
| Authoritative pairs | 567 |
|---|---|
| Agreement (we relate it too) | 332 |
| Conflict (authority relates it, we found no link) | 235 |
| Addition (we relate it, authority omits) | 0 |
Authority maps, we found no link: CWE-1021 ↔ T1036.004; CWE-1021 ↔ T1548.004; CWE-113 ↔ T1539; CWE-114 ↔ T1574.013; CWE-117 ↔ T1562.002; CWE-117 ↔ T1562.003
Reliability
| CWE → MITRE ATT&CK | MITRE ATT&CK → CWE | |
|---|---|---|
| Completeness (full + mostly) | 50.2% | 8.6% |
| Scope — no counterpart (none) | 17.8% | 22.6% |
| Counterpart coverage | 110 mapped | 151 mapped |
| Reverse-presence (bidirectionality) | 81.7% |
|---|---|
| Extent-rank correlation (forward vs reverse) | 0.398 |
Completeness = share of present edges rated full or mostly. Scope = share of pairs with no coverage in that direction (a high value flags entities the other framework doesn’t reach). Reverse-presence = of forward mappings, how many also map back.
Abstraction
| CWE | MITRE ATT&CK | |
|---|---|---|
| Breadth (avg counterparts per entity) | 3.14 | 1.94 |
| Depth (avg coverage strength, 0–3) | 1.53 | 1.1 |
Verdict: CWE sits at a higher level of abstraction (fans out more).
CWE abstraction: Base 66, Class 30, Variant 9, Pillar 4, Compound 1
Raw data
Download the full mapping (every directional edge + the metrics block): JSON · CSV · XLSX
JSON is full-fidelity; CSV is one row per directional edge; XLSX has edges / metrics / diff sheets.