Thanks for pointing this out.
Your observation further highlights the need for a submission management
process. It seems like when someone submits names that are redundant,
deemed to not be valid CPEs (some obvious errors were pointed out to me this
morning), or are re-mapped to different names, we need to have a mechanism
to say what the disposition was. More importantly, the submitter should be
given the mapping of the submitted CPE names to the validated final names
that result along with error messages for CPEs that can't be mapped or
validated.
Obviously, this is a manpower problem. We'll be talking with NIST and MITRE
about how the submission, validation, and tracking processes should work.
Lt Col Joseph L. Wolfkiel
Director, Computer Network Defense Research & Technology (CND R&T) Program
Management Office
9800 Savage Rd Ste 6767
Ft Meade, MD 20755-6767
Commercial 410-854-5401 DSN 244-5401
Fax 410-854-6700
-----Original Message-----
From: Mark J Cox [mailto:[hidden email]]
Sent: Thursday, February 07, 2008 4:46 AM
To: [hidden email]
Subject: Re: [CPE-DISCUSSION-LIST] Product list for the CPE Dictionary
> Please add them to the queue for the CPE dictionary. I plan to have the
> product-only cpe names to you by Friday.
There are conflicts in that dictionary with the official Red Hat names,
please use the existing ones. (We made a number of fixes since the 2.0
dictionary available from nvd).
Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team