Making Security Measurable › CPE - Common Platform Enumeration

Re: Novell Product CPE Dictionary - 2007.07.10

2 messages Options
Embed this post
Permalink
Andrew Buttner

Re: Novell Product CPE Dictionary - 2007.07.10

Reply Threaded More More options
Print post
Permalink
Thank you for this submission.  I will make sure it gets included in
the upcoming release of the CPE Dictionary.

As for the metadata, the notes field is free-form at the current time
so I would not be concerned with including blank fields for
consistency.  I would just extract what is presently available.

Note that CPE as an initiative has stayed away from calling out
specific metadata fields (similar to the approach used by CVE).  We
have wanted to focus more on the ID and less on figuring out what
pieces of metadata are important.

thanks
Drew


> -----Original Message-----
> From: Thomas R. Jones [mailto:[hidden email]]
> Sent: Tuesday, July 10, 2007 6:47 PM
> To: cpe-discussion-list CPE Community Forum
> Subject: [CPE-DISCUSSION-LIST] Novell Product CPE Dictionary
> - 2007.07.10
>
> Hello all,
>
> Here is my submission for the beginning identification of the Novell
> products.
>
> Many of the commercial Novell products have values for the metadata
> included in these identifiers. However due to the open source
> nature of
> these distributions; they do not. Should we include this metadata(or
> lack thereof) to be consistent when other commercial products are
> identified at a later date? Or just extract this metadata and
> deal with
> it as the time comes?
>
> Thomas R. Jones
>

Thomas R. Jones

Re: Novell Product CPE Dictionary - 2007.07.10

Reply Threaded More More options
Print post
Permalink
On Wed, 2007-07-11 at 11:25 -0400, Buttner, Drew wrote:

> Thank you for this submission.  I will make sure it gets included in
> the upcoming release of the CPE Dictionary.
>=20
> As for the metadata, the notes field is free-form at the current time
> so I would not be concerned with including blank fields for
> consistency.  I would just extract what is presently available.
>=20
> Note that CPE as an initiative has stayed away from calling out
> specific metadata fields (similar to the approach used by CVE).  We
> have wanted to focus more on the ID and less on figuring out what
> pieces of metadata are important.
>=20
Very well. I will reparse the dictionary and release a revision based on
the identifier only without metadata. Hopefully the content is up-to-par
other than this issue.

Cheers.
Thomas R. Jones


3Dsignature.asc (200 bytes) Download Attachment
Free Embeddable Forum Powered by Nabble Help