References added

This commit is contained in:
Alexandre Dulaunoy 2016-05-05 15:31:32 +02:00
parent 6724f64b6d
commit ca4bbeeb28


@ -61,4 +61,13 @@ Linux distributions (like Debian or Ubuntu) should introduce the possibility to
CPE references in vulnerable_configuration (in CVEs) tend to include the vulnerable operating system but not the vulnerable software itself. cpe:/a: is not always defined and only the vulnerable operating systems are mentioned. There are many potential improvements but the CPE management could be slightly improved with a collaborative approach to add or updates CPE entries. CPE references in vulnerable_configuration (in CVEs) tend to include the vulnerable operating system but not the vulnerable software itself. cpe:/a: is not always defined and only the vulnerable operating systems are mentioned. There are many potential improvements but the CPE management could be slightly improved with a collaborative approach to add or updates CPE entries.
Maybe software vendors (including free software authors and proprietary vendors) should include a list of CPE describing the software included in their distributions, appliance, IoT, mobile phone... to support the work of people and organization who try to do vulnerability management.
## References
- [cve-search project](https://github.com/cve-search/)
- [Debian Popularity Contest](http://popcon.debian.org/)
- [Add Common Platform Enumerator information to package meta information](https://wiki.debian.org/CPEtagPackagesDep) - time to restart this proposal...
[^1]: CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. [https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm) [^1]: CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name. [https://nvd.nist.gov/cpe.cfm](https://nvd.nist.gov/cpe.cfm)
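
Review bot: the third entry of the new References list carries an editorial aside after the link ("- time to restart this proposal..."), which reads as part of the citation; move that remark into the body text next to the paragraph about vendors publishing CPE lists, or drop it, so the list stays a plain set of references. The Debian Popularity Contest entry links over http://; prefer the https:// form if the site serves it, so readers following the reference are not sent over plain HTTP. The unchanged context line above the new section still reads "add or updates CPE entries"; since this part of the file is being touched anyway, "add or update" could be fixed in the same commit.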