Privacy Policy

Effective Date: 1 July 2021

The MITRE Corporation ("MITRE") respects the privacy of its website users.

This Privacy Policy explains the types of information collected by MITRE ATT&CK® from website visitors ("User") or that you provide to MITRE through other means, such as via e-mail and web forms (collectively "Site"), and how MITRE uses, shares, protects, and retains that information. By visiting the Site, you understand and agree to terms outlined in this Privacy Policy.

Information Collected from Cookies on Web Traffic Reporting and Content Tools

"Cookies" are data that may be sent to your web browser and stored on your computer. Most web browsers can be configured not to accept cookies, or to notify you if a cookie is sent to you. If you wish not to have cookies set during your visit to this MITRE managed Site, you can disable them in your web browser.

The MITRE ATT&CK website is hosted on GitHub®. MITRE and GitHub use a free third-party software service called Google Analytics® to capture and analyze non-personally identifiable website usage information.

MITRE logs all accesses and the following information is recorded for each Site user: IP address, date and time of access, the requested URL, the referring URL (if provided by the Web browser), and the browser type (if provided by the Web browser). The IP address and its associated domain name (if any) are used to determine broad demographic information. The IP address may be used to track how users navigate through the Site.

MITRE additionally collects User-entered keyword search strings to gauge User interest in specific types of vulnerability information. Each access of an individual ATT&CK entry or candidate page is used to gauge User interest. Web log information may be provided to limited research groups within MITRE to support research related to the World Wide Web. This information does not identify you personally. MITRE may store such information, or it may be included in databases owned and maintained by our service providers.

For specific information about GitHub's collection and use of information collected from Cookies on web traffic reporting and content tools, please review GitHub's Terms of Use and Privacy Policy at https://docs.github.com/en/github/site-policy.

Information Collected from User Subscriptions, E-mail, and Web Forms

Information that User subscribers may provide, such as company name, location, or job function, is used to determine broad demographic and non-personally identifiable information regarding the types of users of these mailing lists. User subscribers are not required to provide this information. MITRE may provide broad non-personally identifiable demographic information to other organizations.

ATT&CK-related mailing lists that are sponsored by MITRE are configured to prevent attackers from identifying the subscribers to such mailing lists.

Any User personal information provided to MITRE for inclusion on subscription mailing lists for ATT&CK evaluations will be governed under the MITRE Engenuity® privacy policy, https://mitre-engenuity.org/privacy.

Users may contact MITRE electronically, via the Contact Us page. MITRE may share the information that you provide to us via e-mail within the corporation to respond to your queries, but we do not provide information to anyone outside of the corporation unless required by law to do so.

Due Diligence for Intrusion Detection, Prevention, and Reporting

MITRE performs due diligence to preserve the integrity of the information on the Site. MITRE uses various logging and tracking mechanisms to support the detection, reporting, or recovery from attempted intrusions into attack.mitre.org. MITRE reserves the right to use all available technologies without notice to protect its networks from unauthorized use, and to report attempted intrusions to the appropriate authorities.

Information Collected from Third Party Software and Media Sites

When Users visit the Site, Users may link to third party software and/or media sites when they link to another party's website. MITRE does not collect any information that may be collected by that third party; however, information you supply to that third-party software may be collected and/or used by that party. For information about that third party's privacy policy, please see their respective website.

Changes to Our Privacy Policy

The Site may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. Accordingly, MITRE reserves the right to update or modify this Privacy Policy at any time and from time to time without prior notice. Please review this policy periodically, and especially before you provide any information. Your continued use of the Site after any changes or revisions to this Privacy Policy shall indicate your agreement with the terms of such revised Privacy Policy.