Currently, the CybOX platform structure is explicitly bound to the use of
CPE through a set of custom elements largely mimicking the NIST CPE
dictionary from the National Vulnerability Database. This is not adaptable
to the use of other platform naming schemes and structures and ends up being
fairly heavyweight for CPE support. The attached proposal suggests a more
lightweight and flexible mechanism for platform identification.
This corresponds to item #8 in the CybOX Project/Schemas issue tracker on
GitHub. (https://github.com/CybOXProject) Please note that this is not
describing an accepted change but rather is a proposal being put forward for
community review and feedback. Comments and concerns with regard to this
proposal are welcome - please send comments in response to this message.