Quantcast

CPE Current Version access and information.....

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

CPE Current Version access and information.....

Kent Landfield
I have noticed we have a confusing situation that exists. I see that cpe.mitre.org has the 2.2 version of the specification as the current specification… You need to dig a bit on the NIST site to find the 2.3 versions.

Can we get MITRE and NIST to work this out so the MITRE sites references the correct current version(s) ?  And so we have a combined page that has the historical version and the current version?

Thanks.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee, Inc.
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: CPE Current Version access and information..... (UNCLASSIFIED)

WOLFKIEL, JOSEPH L CIV DISA PEO-MA
Classification:  UNCLASSIFIED
Caveats: NONE

I haven't been paying this too much attention.  When was the cutoff date when 2.2 was deprecated and 2.3 became the current version?  We're still using 2.2 in the DoD--the format described in the 2.3 spec that uses tildes to separate items in the edition field.

Joseph L. Wolfkiel
Engineering Group Lead
DISA PEO MA/IA52
(301) 225-8820
[hidden email]


-----Original Message-----
From: Kent Landfield [mailto:[hidden email]]
Sent: Thursday, December 15, 2011 2:06 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE Current Version access and information.....

I have noticed we have a confusing situation that exists. I see that cpe.mitre.org has the 2.2 version of the specification as the current specification. You need to dig a bit on the NIST site to find the 2.3 versions.

Can we get MITRE and NIST to work this out so the MITRE sites references the correct current version(s) ?  And so we have a combined page that has the historical version and the current version?

Thanks.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee, Inc.
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>
Classification:  UNCLASSIFIED
Caveats: NONE


smime.p7s (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: CPE Current Version access and information.....

McCormick, Christopher [USA]
In reply to this post by Kent Landfield
Brant,

  Please let NIST know how we can assist with this where appropriate.  I'm fairly confident the MITRE team is aware where the links are on the NIST CSRC for each of the new specifications that make up 2.3, but for convenience they are:

CPE Naming Specification Version 2.3 – NISTIR 7695:

http://csrc.nist.gov/publications/nistir/ir7695/NISTIR-7695-CPENaming.pdf

CPE Matching Specification Version 2.3 – NISTIR 7696:

http://csrc.nist.gov/publications/nistir/ir7696/NISTIR-7696-CPEMatching.pdf

CPE Dictionary Specification Version 2.3 – NISTIR 7697:

http://csrc.nist.gov/publications/nistir/ir7697/NISTIR-7697-CPEDictionary.pdf

CPE Language Specification Version 2.3 – NISTIR 7698:

http://csrc.nist.gov/publications/nistir/ir7698/NISTIR-7698-CPELanguage.pdf

-Chris
________________________________________
From: Kent Landfield [[hidden email]]
Sent: Thursday, December 15, 2011 2:05 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE Current Version access and information.....

I have noticed we have a confusing situation that exists. I see that cpe.mitre.org has the 2.2 version of the specification as the current specification… You need to dig a bit on the NIST site to find the 2.3 versions.

Can we get MITRE and NIST to work this out so the MITRE sites references the correct current version(s) ?  And so we have a combined page that has the historical version and the current version?

Thanks.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee, Inc.
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: CPE Current Version access and information..... (UNCLASSIFIED)

Brant Cheikes
In reply to this post by WOLFKIEL, JOSEPH L CIV DISA PEO-MA
MITRE is, in fact, in the process of preparing a major revision to the
cpe.mitre.org website that makes clear that 2.3 is the current version,
while retaining information about 2.2.  It's taking some time since it
entails more than just a few quick patches to a few links.

The question about deprecation date for cpe v2.2 is an interesting one.  As
far as MITRE is concerned, CPE 2.3 is the "current version" and the one we'd
recommend that new users adopt if we were making such a recommendation
outside the context of SCAP.  The reality is that SCAP 1.1 still requires
CPE 2.2, and thus NIST continues to support a 2.2-conformant CPE Dictionary.
CPE 2.2 will never truly be "deprecated" until SCAP 1.1 reaches its end of
life.  In the meantime, NIST is working on a CPE 2.3-conformant Dictionary
but has yet to release it.  Until that happens we're in a bit of a grey area
in which CPE 2.3 is the current version, required by SCAP 1.2, but the
requisite Dictionary is not yet supported by NIST.  Perhaps NIST could
update the CPE community on their plans w/r/t CPE 2.3 Dictionary support?

Cheers,
/Brant

Brant A. Cheikes
The MITRE Corporation
202 Burlington Road, M/S K302
Bedford, MA 01730-1420
Tel. 781-271-7505; Cell. 617-694-8180; Fax. 781-271-2352


-----Original Message-----
From: WOLFKIEL, JOSEPH L CIV DISA PEO-MA [mailto:[hidden email]]
Sent: Thursday, December 15, 2011 2:36 PM
To: cpe-discussion-list CPE Community Forum
Subject: Re: [CPE-DISCUSSION-LIST] CPE Current Version access and
information..... (UNCLASSIFIED)

Classification:  UNCLASSIFIED
Caveats: NONE

I haven't been paying this too much attention.  When was the cutoff date
when 2.2 was deprecated and 2.3 became the current version?  We're still
using 2.2 in the DoD--the format described in the 2.3 spec that uses tildes
to separate items in the edition field.

Joseph L. Wolfkiel
Engineering Group Lead
DISA PEO MA/IA52
(301) 225-8820
[hidden email]


-----Original Message-----
From: Kent Landfield [mailto:[hidden email]]
Sent: Thursday, December 15, 2011 2:06 PM
To: [hidden email]
Subject: [CPE-DISCUSSION-LIST] CPE Current Version access and
information.....

I have noticed we have a confusing situation that exists. I see that
cpe.mitre.org has the 2.2 version of the specification as the current
specification. You need to dig a bit on the NIST site to find the 2.3
versions.

Can we get MITRE and NIST to work this out so the MITRE sites references the
correct current version(s) ?  And so we have a combined page that has the
historical version and the current version?

Thanks.

Kent Landfield
Director Content Strategy, Architecture and Standards

McAfee, Inc.
5000 Headquarters Dr.
Plano, Texas 75024

Direct: +1.972.963.7096
Mobile: +1.817.637.8026
Web: www.mcafee.com<http://www.mcafee.com/>
Classification:  UNCLASSIFIED
Caveats: NONE


smime.p7s (4K) Download Attachment
Loading...