want to thank those of you who participated in the CPE Developer Days Workshop
on February 22 and those who completed the CPE Stakeholder Survey. Your
contribution was invaluable in determining how CPE can better meet the needs of
the community. CPE will be a better standard in the near future thanks to your
efforts. The CPE Workshop was the beginning of a fresh approach for CPE
development in which the community will actively drive the development of the
standard with the Core Team’s support and guidance. The CPE technical
working groups (TWGs) will be a key part of this community-driven approach.
More information about the CPE TWGs is coming soon. For those of you who could
not participate in the CPE Developer Days Workshop, the minutes and slides are
posted at: http://measurablesecurity.mitre.org/participation/devdays.html
we would like to share our thoughts with you regarding near term goals for
achieving an improved, more usable version 2.3 of the CPE specification. These
goals are wholly based on CPE community needs and proposed solutions that were
collected from the CPE Developer Days Workshop, the CPE Stakeholder Survey,
community contributions to the CPE Discussion list, and CPE stakeholder
interviews. We want you to know that we are listening and we intend to take
quick action to improve the utility and usability of CPE in the near future.
Our immediate goal is to release a candidate 2.3 specification to be included
in the next release of SCAP. This means that the specification must be in its
final form by July 31, 2010. The development of CPE 2.3 will be an interactive,
community-driven activity in which we will be soliciting the community’s
advice early and often.
we have an aggressive plan for an intense round of rapid improvement, this is a
time-constrained activity with limited resources. Therefore the goal is to
implement as many of the proposed changes as possible in the time allowed. The
unordered list of candidate changes for CPE version 2.3 is:
the prefix property;
the requirements that CPE names be encoded and exchanged as URIs;
support for distinct namespaces;
at least partial support for an extensible vocabulary of tags;
the matching algorithm;
the specification into a set of modular related specifications. Proposed
division boundaries include: a naming specification, the CPE dictionary
specification, CPE matching specification, CPE language specification, and
possibly also a high level common umbrella specification.
While there are other proposed changes that
are equally valid and important, these changes were chosen for the following
were widely requested;
believe we can implement them without breaking backward compatibility with
have the potential to be implemented in the limited time available.
is important to understand that this message is not a promise to achieve all of
these goals. Rather, we intend to achieve as many as possible within the given
timeframe and with the available resources. Our success is partly dependent on
community participation. You will have many opportunities to participate in the
development of CPE, including participation on the Core Team and TWGs as well
as direct contribution to specification development. The future of CPE will be
what you make it, so please contribute as much as you are able with the
understanding that we will all benefit from the result.
Core Team is currently working hard to outline a process and major milestones
for producing CPE version 2.3. We will be sharing that information with you
sometime next week.
again for helping to make CPE a better standard.
Brant A. Cheikes
The MITRE Corporation
202 Burlington Road, M/S K302
Bedford, MA 01730-1420
Tel. 781-271-7505; Cell. 617-694-8180; Fax. 781-271-2352