Cyber Resilience

Cross-walk release · 10 June 2026

CWE ↔ MITRE ATT&CK

A two-way mapping between CWE and MITRE ATT&CK: 359 related pairs, 718 directional rows, LLM-authored (covers / enables · covers / exploits) and human-QA’d (cohort bulk_after_review_2026_06_08 where applicable).

The original mapping — and where we differ

The authoritative reference is the MITRE CWE→CAPEC→ATT&CK bridge, a one-way mapping. We compared our two-way reading against it on a pair-presence basis (do we relate the same two entities at all?):

Authoritative pairs: 567
Agreement (we relate it too): 332
Conflict (authority relates it, we found no link): 235
Addition (we relate it, authority omits): 0

Authority maps, we found no link: CWE-1021 ↔ T1036.004; CWE-1021 ↔ T1548.004; CWE-113 ↔ T1539; CWE-114 ↔ T1574.013; CWE-117 ↔ T1562.002; CWE-117 ↔ T1562.003

Reliability

| Metric | CWE → MITRE ATT&CK | MITRE ATT&CK → CWE |
| --- | --- | --- |
| Completeness (full + mostly) | 50.2% | 8.6% |
| Scope — no counterpart (none) | 17.8% | 22.6% |
| Counterpart coverage | 110 mapped | 151 mapped |

Reverse-presence (bidirectionality): 81.7%
Extent-rank correlation (forward vs reverse): 0.398

Completeness = share of present edges rated full or mostly. Scope = share of pairs with no coverage in that direction (a high value flags entities the other framework doesn’t reach). Reverse-presence = of forward mappings, how many also map back.

Abstraction

| Metric | CWE | MITRE ATT&CK |
| --- | --- | --- |
| Breadth (avg counterparts per entity) | 3.14 | 1.94 |
| Depth (avg coverage strength, 0–3) | 1.53 | 1.1 |

Verdict: CWE sits at a higher level of abstraction (fans out more).

CWE abstraction: Base 66, Class 30, Variant 9, Pillar 4, Compound 1

Raw data

Download the full mapping (every directional edge + the metrics block): JSON · CSV · XLSX

JSON is full-fidelity; CSV is one row per directional edge; XLSX has edges / metrics / diff sheets.