OASIS Mailing List Archives

 



cti-cybox message



Subject: Re: [cti-cybox] Software object - recommend to use CPE?


I would support using CPE as a SHOULD in this case. It's what we've standardized on as a product identifier. 

CPE is not without its limitations, but it's better than a free form text field.  Although, for giggles, you should look up Internet Explorer in the CPE dictionary at the NVD site...

--
Rob Coderre
iDefense, Director of Product Management
Verisign, Inc.
o: +1 703-948-3833
m: +1 571-224-4627

On Sep 22, 2016, at 8:41 PM, Jason Keirstead <Jason.Keirstead@ca.ibm.com> wrote:

I have concerns about the Cybox "software" object, and how it is so free-form with no real limitations.

Based on experience of trying to map things based on software names, it will descend into a mess. You will have some vendors using the word "MSIE" and others using "Microsoft IE" and others using "Internet Explorer" and others using "Microsoft Internet Explorer", all in the same field (this is just one example).

Should we perhaps instead look to use CPE? Or at least suggest using CPE where it fits as a SHOULD? Why are we reinventing the wheel when CPE solved this...

-
Jason Keirstead
STSM, Product Architect, Security Intelligence, IBM Security Systems
http://www.ibm.com/security | http://www.securityintelligence.com

Without data, all you are is just another person with an opinion - Unknown
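
The naming problem raised in this thread, as an added example that is not part of the original messages: records keyed on a free-form software name split into one bucket per spelling, while records that also carry a CPE 2.3 formatted string collapse onto a single vendor/product key. The record layout (`source`, `name`, `cpe`), the feed names and the sample values are constructed for illustration and are not taken from the CybOX specification.

```python
from collections import defaultdict

# The 11 attributes that follow the "cpe:2.3:" prefix, in order.
FIELDS = ("part", "vendor", "product", "version", "update", "edition",
          "language", "sw_edition", "target_sw", "target_hw", "other")

def split_unescaped(s):
    """Split on ':' while keeping backslash-escaped characters intact."""
    out, cur, i = [], "", 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):   # escaped pair, e.g. an escaped colon
            cur += s[i:i + 2]
            i += 2
        elif s[i] == ":":                      # unescaped separator
            out.append(cur)
            cur = ""
            i += 1
        else:
            cur += s[i]
            i += 1
    return out + [cur]

def parse_cpe23(cpe):
    """Return the attributes of a CPE 2.3 formatted string as a dict."""
    parts = split_unescaped(cpe)
    if (len(parts) != 13 or parts[:2] != ["cpe", "2.3"]
            or parts[2] not in ("a", "o", "h", "*", "-")):
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return dict(zip(FIELDS, parts[2:]))

def product_key(record):
    """Key a record by CPE vendor/product if present, else by its raw name."""
    if record.get("cpe"):
        attrs = parse_cpe23(record["cpe"])
        return ("cpe", attrs["vendor"], attrs["product"])
    return ("name", record["name"])

def group(records):
    """Map each product key to the list of sources that reported it."""
    buckets = defaultdict(list)
    for rec in records:
        buckets[product_key(rec)].append(rec["source"])
    return dict(buckets)

# Constructed sample: four feeds naming the same product four different ways.
NAMES = ["MSIE", "Microsoft IE", "Internet Explorer", "Microsoft Internet Explorer"]
NAME_ONLY = [{"source": f"feed{i}", "name": n} for i, n in enumerate(NAMES)]
WITH_CPE = [dict(r, cpe=f"cpe:2.3:a:microsoft:internet_explorer:{v}:*:*:*:*:*:*:*")
            for r, v in zip(NAME_ONLY, ("8", "9", "10", "11"))]

if __name__ == "__main__":
    print(len(group(NAME_ONLY)), "buckets by name;", len(group(WITH_CPE)), "by CPE")
```

Grouping ignores the version attribute on purpose, so all four constructed records land on the same product even though each reports a different version.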



