Some javascript/style in this post has been disabled (
why?)
Hi
all,
Can
someone please help me in understanding why some of the products have both CPE
entries with version and general ones (with no version etc. just the first 3
components), and some have only CPE entries with versions? Is this intentional?
Example:
and
also
- cpe:/a:3com:3c16115-us:2.01
are
both in the dictionary,
But
is
not in the dictionary, while the following are:
- cpe:/a:apache:nutch:0.8.1
- cpe:/a:apache:nutch:0.9
Can
I use a left part of a CPE entry as a CPE?
Would
it be considered as being CPE compliant if I use such an item as a product on
my list?
(It
seems so according to the spec http://cpe.mitre.org/specification/archive/version2.2/cpe-specification_2.2.pdf
)
E.g.
using " cpe:/a:apache:nutch"
If
it is acceptable, then what would I use as a title in this case? Is the title
not part of the CPE dictionary?
I
would like, of course, to use the title that the similar CPEs have without the
version (i.e. "Apache Nutch"), but I'm not sure if this would work
smoothly in automation in the cases where the title is not exactly the same as
the URI components.
My
intention is to maintain a products list without versions, editions etc. as a
first stage.
Any
suggestions from those of the vendors out there that are already CPE-compliant?
Thank
you very much,
Stav
Kaufman,
Skybox
Security
