Objectives for CPE v2.3


Brant Cheikes

CPE Community,


We want to thank those of you who participated in the CPE Developer Days Workshop on February 22 and those who completed the CPE Stakeholder Survey. Your contribution was invaluable in determining how CPE can better meet the needs of the community. CPE will be a better standard in the near future thanks to your efforts. The CPE Workshop was the beginning of a fresh approach for CPE development in which the community will actively drive the development of the standard with the Core Team’s support and guidance. The CPE technical working groups (TWGs) will be a key part of this community-driven approach. More information about the CPE TWGs is coming soon. For those of you who could not participate in the CPE Developer Days Workshop, the minutes and slides are posted at: http://measurablesecurity.mitre.org/participation/devdays.html


Today, we would like to share our thoughts with you regarding near-term goals for achieving an improved, more usable version 2.3 of the CPE specification. These goals are wholly based on CPE community needs and proposed solutions that were collected from the CPE Developer Days Workshop, the CPE Stakeholder Survey, community contributions to the CPE Discussion list, and CPE stakeholder interviews. We want you to know that we are listening and we intend to take quick action to improve the utility and usability of CPE in the near future. Our immediate goal is to release a candidate 2.3 specification to be included in the next release of SCAP. This means that the specification must be in its final form by July 31, 2010. The development of CPE 2.3 will be an interactive, community-driven activity in which we will be soliciting the community’s advice early and often.


While we have an aggressive plan for an intense round of rapid improvement, this is a time-constrained activity with limited resources. Therefore the goal is to implement as many of the proposed changes as possible in the time allowed. The unordered list of candidate changes for CPE version 2.3 is:


1.   Remove the prefix property;

2.   Remove the requirements that CPE names be encoded and exchanged as URIs;

3.   Add support for distinct namespaces;

4.   Provide at least partial support for an extensible vocabulary of tags;

5.   Revise the matching algorithm;

6.   Divide the specification into a set of modular related specifications. Proposed division boundaries include: a naming specification, the CPE dictionary specification, CPE matching specification, CPE language specification, and possibly also a high-level common umbrella specification.


While there are other proposed changes that are equally valid and important, these changes were chosen for the following reasons:


1.   They were widely requested;

2.   We believe we can implement them without breaking backward compatibility with v2.2;

3.   They have the potential to be implemented in the limited time available.


It is important to understand that this message is not a promise to achieve all of these goals. Rather, we intend to achieve as many as possible within the given timeframe and with the available resources. Our success is partly dependent on community participation. You will have many opportunities to participate in the development of CPE, including participation on the Core Team and TWGs as well as direct contribution to specification development. The future of CPE will be what you make it, so please contribute as much as you are able with the understanding that we will all benefit from the result.


The Core Team is currently working hard to outline a process and major milestones for producing CPE version 2.3. We will be sharing that information with you sometime next week.


Thanks again for helping to make CPE a better standard.


Best regards,



Brant A. Cheikes
The MITRE Corporation
202 Burlington Road, M/S K302
Bedford, MA 01730-1420
Tel. 781-271-7505; Cell. 617-694-8180; Fax. 781-271-2352