Changelog

Version History

3.0 – May 8th, 2025

This release includes our “Ambiguous Techniques” research, which defines what makes a technique ambiguous, identifies examples of ambiguous techniques in MITRE ATT&CK, and contributes new best practices for building robust detections for ambiguous techniques.

2.0 – December 17th, 2024

This major update defines “robustness” in the context of detection engineering and describes how to quantify it and how to improve it in your existing detections. This release also adds new elements to the STP model for scoring network detections.

1.0 – September 14th, 2023

The initial release of Summiting the Pyramid includes the model, methodology, definitions, and worked examples.

Acknowledgements

The Summiting the Pyramid project team includes:

  • Michaela Adams

  • Roman Daszczyszak

  • Michael Esposito

  • Antonia Feffer

  • Mark Fernandez

  • Steve Luke

  • Robert Schull

  • Sean Sweeney

  • Ross Weisman

  • Olivia Williams

The Ambiguous Techniques project team includes:

  • Antonia Feffer

  • Devon Ellis

  • Kayla Kraines

  • Robert Schull

  • Robert Shovan

  • Sean Sweeney

Additional thanks for contributing time, resources, and technical review:

  • Robleh Esa

  • August Moore

  • Roberto Rodriguez

  • SpecterOps

  • UltimateWindowsSecurity