"MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices"

The MITRE Corporation has made "EMB3D," a threat-modeling framework for vendors of embedded devices used in critical infrastructure environments, officially available. According to the non-profit corporation, the model aims to create a shared understanding of embedded device cyber threats and the security measures needed to mitigate them. The model's draft, developed in collaboration with Niyo 'Little Thunder' Pearson, Red Balloon Security, and Narf Industries, was released on December 13, 2023. Like the ATT&CK framework, EMB3D is expected to be a "living framework," adding and updating mitigations as new threat actors, vulnerabilities, and attack vectors emerge, but with the focus being on embedded devices. This article continues to discuss the goals of EMB3D. 

THN reports "MITRE Unveils EMB3D: A Threat-Modeling Framework for Embedded Devices"

Submitted by grigby1

Submitted by Gregory Rigby on