attackics:Privacy policy

From attackics
Revision as of 10:31, 11 July 2014 by (username removed)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search


This privacy policy describes:

  • The type of information that is collected
  • How the information is used by MITRE
  • What information may be provided to third parties
  • Web Site Access Information

All accesses of are logged. The following information is recorded for each visitor to the ATT&CK Web site: IP address, date and time of access, the requested URL, the referring URL (if provided by the Web browser), and the browser type (if provided by the Web browser).

The IP address and its associated domain name (if any) are used to determine broad demographic information. The IP address may be used to track how users navigate through the ATT&CK Web site. User-entered keyword search strings are used to gauge user interest in specific types of vulnerability information. Each access of an individual ATT&CK entry or candidate page is also used to gauge user interest.

Web log information may also be provided to limited research groups within MITRE to support research related to the World Wide Web.

Mailing List Subscription Information[edit]

MITRE performs due diligence to ensure that subscription information is kept confidential. In addition, all ATT&CK-related mailing lists that are sponsored by MITRE are configured to prevent attackers from identifying the subscribers to such mailing lists.

Optional information that subscribers may provide, such as company name, location, or job function, is used to determine broad demographic information regarding the types of users of these mailing lists. Subscribers are not required to provide this information.

Provision of Information to Third Parties[edit]

MITRE will not provide any information that identifies specific individuals, e.g., email addresses or IP addresses, to any other organization, except where required by law. MITRE may provide broad demographic information to other organizations.

Due Diligence for Intrusion Detection, Prevention, and Reporting MITRE performs due diligence to preserve the integrity of the information on the ATT&CK Web site. MITRE uses various logging and tracking mechanisms to support the detection, reporting, or recovery from attempted intrusions into MITRE reserves the right to use all available technologies without notice to protect its networks from unauthorized use, and to report attempted intrusions to the appropriate authorities.

Notification of Privacy Changes[edit]

If MITRE changes the information that is recorded on, or changes the mechanisms by which this information is added, then MITRE will update this privacy statement and send an email notification to ATT&CK-related mailing lists.