Merge pull request #10 from initstring/mitre-license

initstring · web-flow · commit 47a224438cfe · 2025-09-20T17:33:05.000+10:00
Add MITRE licensing info
diff --git a/README.md b/README.md
@@ -33,3 +33,9 @@ See [AGENTS.md](AGENTS.md) for engineering standards.
 Initially based on the T3 Stack - Next.js, tRPC, Prisma, TypeScript. Type-safe APIs, server-side rendering, and component-driven design.
 
 Local development uses sqlite and the node server. "Production" installation uses docker-compose, postgres, and BYO-reverse-proxy.
+
+## Licensing
+
+The MITRE ATT&CK data included in this project is pulled directly from [their CTI project](https://github.com/mitre/cti), which requests the following statement be included:
+
+> "© 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation."
diff --git a/data/mitre/LICENSE b/data/mitre/LICENSE
@@ -0,0 +1,38 @@
+ATT&CK®
+===========================
+License
+-------
+The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use ATT&CK® for research,
+development, and commercial purposes. Any copy you make for such purposes is authorized provided that you reproduce
+MITRE's copyright designation and this license in any such copy.
+
+"© 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation."
+
+Disclaimers
+-----------
+MITRE does not claim ATT&CK enumerates all possibilities for the types of actions and behaviors documented as part
+of its adversary model and framework of techniques. Using the information contained within ATT&CK to address or
+cover full categories of techniques will not guarantee full defensive coverage as there may be undisclosed techniques
+or variations on existing techniques not documented by ATT&CK.
+
+ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE
+ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS,
+AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE
+USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
+FOR A PARTICULAR PURPOSE.
+
+CAPEC™
+===========================
+License
+-------
+The MITRE Corporation (MITRE) hereby grants you a non-exclusive, royalty-free license to use Common Attack Pattern
+Enumeration and Classification (CAPEC™) for research, development, and commercial purposes. Any copy you make for
+such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy.
+
+Disclaimers
+-----------
+ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE
+ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS,
+AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE
+USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
+FOR A PARTICULAR PURPOSE.
