The MITRE ATT&CK knowledgebase describes cyber adversary behavior and provides a common taxonomy for both offense and defense. It has become a useful tool across many cyber security disciplines to convey threat intelligence, perform testing through red teaming or adversary emulation, and improve network and system defenses against intrusions. The process MITRE used to create ATT&CK, and the philosophy that has developed for curating new content, are critical aspects of the work and are useful for other efforts that strive to create similar adversary models and information repositories.