From helpnetsecurity.com
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered vulnerability, the MITRE Engenuity team urges.
Mapping ATT&CK techniques to CVEs should make risk assessment easier