@timb_machine One day when we read links like https://br0k3nlab.com/resources/axioms-of-security-and-rule-based-capabilities/ people will have read the #OpenTide white paper and realized how it changes the conversation about #detectioncoverage but this day was not today.
#detectioncoverage
Despite the promising title of this blog post by John Vester 'Why the MITRE ATT&CK Framework Actually Works', its a load of crock.
You can't and shouldn't use MITRE #ATT&CK to prove any sort of detection coverage or 'strong points'. At best, you can prove total absence in certain subtechniques.
If you want to do any sort of data driven #detectioncoverage you need #OpenTide -> there's no way around it.
https://levelup.gitconnected.com/why-the-mitre-att-ck-framework-actually-works-29ac26d2d20c
ATT&CK is still ♥️ 😍 tho.
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst