Will CPE be expanded to track "previous versions"?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Will CPE be expanded to track "previous versions"?

Are there plans to integrate some sort of progression from one version to
the next? For example, CVE-2010-0743
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0743> specifies:

cpe:/a:zaal:tgt:0.9.5 and previous versions

There does not seem to be any way to walk the CPE tree for "previous". It
cannot be done by the names, as Windows NT 4.0, Windows 2000, Windows XP and
Windows 7 have a commonly known order, but nothing machine-discernable seems
to exist to denote "previous".

Would there be any way to carry this mapping across product names / vendors?
If I recall correctly, iPlanet 4.0 was acquired and became Sun iPlanet 4.1,
then Sun ONE Web Server 5, then Sun Java System Web Server 6 and 7.  Iplanet
and Sun ONE would both be candidates for "previous" in relation to Sun Java
System Web Server 7.

Seth Hanford
Cisco IntelliShield