Add CPE entries for base products to CPE dictionary?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Add CPE entries for base products to CPE dictionary?

Jan-Oliver Wagner-3
Hello,

during my work on OpenVAS and adding some sort of automated detection capability
reporting I identified the desire to have base product names in the official
CPE dictionary.

Example:

cpe:/a:openssl:openssl

with title

OpenSSL Project OpenSSL


Currently, the dictionary contains only entries with specific version numbers.
Which are repeated in the the title.
So, clean titles (possibly in different languages) about the products as such
are not available.


Has this idea been discussed already?
Any pros or cons?

All the best

Jan

--
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Reply | Threaded
Open this post in threaded view
|

Re: Add CPE entries for base products to CPE dictionary?

Sebastien Aucouturier
Jan you hack my brain ;-)
we talk about that in our last days brainstorm session  and  i was
preparing a mail with the same requirement.
So no doubt that i supply your ask.
Thanks to start the discuss.

Le 01/03/2013 17:01, Jan-Oliver Wagner a écrit :

> Hello,
>
> during my work on OpenVAS and adding some sort of automated detection
> capability
> reporting I identified the desire to have base product names in the
> official
> CPE dictionary.
>
> Example:
>
> cpe:/a:openssl:openssl
>
> with title
>
> OpenSSL Project OpenSSL
>
>
> Currently, the dictionary contains only entries with specific version
> numbers.
> Which are repeated in the the title.
> So, clean titles (possibly in different languages) about the products
> as such
> are not available.
>
>
> Has this idea been discussed already?
> Any pros or cons?
>
> All the best
>
> Jan

--
"Le saviez-vous ? la technologie d'ITrust va sécuriser le cloud
français"

     | Sébastien AUCOUTURIER | Responsable R&D
     | ITrust | 55 L'Occitane 31670 LABEGE
     | Email: [hidden email]
     | Fixe Sdt. 05.67.34.67.80
     | IT Security Services & SaaS Editor
Reply | Threaded
Open this post in threaded view
|

Re: Add CPE entries for base products to CPE dictionary?

Jan-Oliver Wagner-3
Hello,

so far I saw no Cons, just Pros.
Thats good :-)

I assume it is not a matter of CPE specification to adopt the idea
but rather a matter whether NIST likes to adopt the idea for
the CPE dictionary.
Therefore I added them to CC for a comment.

I do not expect NIST to add all of such entries on their own.
I am already happy if respective submissions will be added to
the official dictionary.

All the best

Jan

On Freitag, 1. März 2013, Sebastien Aucouturier wrote:

> Jan you hack my brain ;-)
> we talk about that in our last days brainstorm session  and  i was
> preparing a mail with the same requirement.
> So no doubt that i supply your ask.
> Thanks to start the discuss.
>
> Le 01/03/2013 17:01, Jan-Oliver Wagner a écrit :
> > Hello,
> >
> > during my work on OpenVAS and adding some sort of automated detection
> > capability
> > reporting I identified the desire to have base product names in the
> > official
> > CPE dictionary.
> >
> > Example:
> >
> > cpe:/a:openssl:openssl
> >
> > with title
> >
> > OpenSSL Project OpenSSL
> >
> >
> > Currently, the dictionary contains only entries with specific version
> > numbers.
> > Which are repeated in the the title.
> > So, clean titles (possibly in different languages) about the products
> > as such
> > are not available.
> >
> >
> > Has this idea been discussed already?
> > Any pros or cons?
> >
> > All the best
> >
> > Jan
>



--
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Reply | Threaded
Open this post in threaded view
|

Re: Add CPE entries for base products to CPE dictionary?

Jan-Oliver Wagner-3
Hello,

I got a detailed offlist reply.

The short answer is: no, because specification does not allow it.

Best

        Jan

On Mittwoch, 6. März 2013, Jan-Oliver Wagner wrote:

> Hello,
>
> so far I saw no Cons, just Pros.
> Thats good :-)
>
> I assume it is not a matter of CPE specification to adopt the idea
> but rather a matter whether NIST likes to adopt the idea for
> the CPE dictionary.
> Therefore I added them to CC for a comment.
>
> I do not expect NIST to add all of such entries on their own.
> I am already happy if respective submissions will be added to
> the official dictionary.
>
> All the best
>
> Jan
>
> On Freitag, 1. März 2013, Sebastien Aucouturier wrote:
> > Jan you hack my brain ;-)
> > we talk about that in our last days brainstorm session  and  i was
> > preparing a mail with the same requirement.
> > So no doubt that i supply your ask.
> > Thanks to start the discuss.
> >
> > Le 01/03/2013 17:01, Jan-Oliver Wagner a écrit :
> > > Hello,
> > >
> > > during my work on OpenVAS and adding some sort of automated detection
> > > capability
> > > reporting I identified the desire to have base product names in the
> > > official
> > > CPE dictionary.
> > >
> > > Example:
> > >
> > > cpe:/a:openssl:openssl
> > >
> > > with title
> > >
> > > OpenSSL Project OpenSSL
> > >
> > >
> > > Currently, the dictionary contains only entries with specific version
> > > numbers.
> > > Which are repeated in the the title.
> > > So, clean titles (possibly in different languages) about the products
> > > as such
> > > are not available.
> > >
> > >
> > > Has this idea been discussed already?
> > > Any pros or cons?
> > >
> > > All the best
> > >
> > > Jan
> >
>
>
>



--
Dr. Jan-Oliver Wagner |  ++49-541-335084-0  |  http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner