Subject: Re: [csaf] Discussion on Generic Software Identification Parameter/Attribute


Sorry that I was not able to join the call today.

Just for awareness.

The STIX2.x standard uses CPE as one of the primary options when defining intelligence related to software applications, tools...etc.

If you want the specific section in the STIX spec look at the cyber observable document.

https://docs.google.com/document/d/1epBSNorAYmBVfFnIKNgDzPSXLapL13Jmsmw-WsVfUoY/edit#heading=h.7rkyhtkdthok

Cyber observables are objects that can be contained within observed data objects within STIX. Typically this would be used by someone reporting on a particular software application tied to an intel data event.

Allan

On 10/31/18, 3:02 PM, "csaf@lists.oasis-open.org on behalf of Mr. Omar Santos" <csaf@lists.oasis-open.org on behalf of osantos@cisco.com> wrote:

    Hi folks,
    
    Thank you all for your participation during today's meeting. As a follow up, the following are a few references about CPE, SWID, CO-SWID, and SPDX.
    
    Official Common Platform Enumeration (CPE) Dictionary
    https://nvd.nist.gov/products/cpe
    
    Software ID (SWID) Tags ISO Standard:
    ISO/IEC 19770-2:2015
    
    Guidelines for the Creation of Interoperable Software Identification (SWID) Tags
    https://nvlpubs.nist.gov/nistpubs/ir/2016/NIST.IR.8060.pdf
    
    Concise Software Identifiers (IETF draft-ietf-sacm-coswid-07)
    https://tools.ietf.org/html/draft-ietf-sacm-coswid-07
    
    Software Package Data Exchange (SPDX)
    https://spdx.org
    https://spdx.org/specifications
    
    NTIA Software Component Transparency Website: 
    https://www.ntia.doc.gov/SoftwareTransparency
    
    The following is an excerpt of CSAF/CVRF 1.2 Section 5.1.2 Product Tree - Full Product Name
    http://docs.oasis-open.org/csaf/csaf-cvrf/v1.2/cs01/csaf-cvrf-v1.2-cs01.html#_Toc493508905
    5.1.2 Product Tree - Full Product Name
    Element prod:FullProductName
    
    The prod:FullProductName element MUST be a child of cardinality [1, ∞] for all possible locations inside the product tree representation. [CSAF-5.1.2-1]
    
    This element's instances have multiple possible parent elements: prod:ProductTree, prod:Relationship, and prod:Branch.
    
    The prod:FullProductName elements define the endpoints of the Product Tree and occur either directly at the root level, at the branch level, or as the result of a relationship between two products.
    
    The value of a Full Product Name element should be the product's full canonical name, including version number and other attributes, as it would be used in a human-friendly document.
    
    Attribute ProductID
    
    The ProductID attribute is a token required to identify a Full Product Name so that it can be referred to from other parts in the document.
    
    There is no predefined or required format for the ProductID as long as it uniquely identifies a product in the context of the current document.
    
    Attribute CPE
    
    The Common Platform Enumeration (CPE) attribute refers to a method for naming platforms external to CSAF CVRF.
    
    The CPE attribute, if present, MUST have a value that is a valid cpe-lang:namePattern as defined in the external specification [CPE23_N] and related schemas. [CSAF-5.1.2-2]
    
    
    I would like to continue the discussion on next steps to support a generic parameter/attribute in CSAF 2.0.
    
    Best regards,
    
    Omar Santos
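To make the two constraints in the quoted excerpt concrete (a ProductID that is unique within the document, and a CPE attribute that, when present, carries a valid CPE 2.3 name), here is an added Python example; it is not code from the CSAF TC, the CVRF specification or any of the cited projects. The product entries are constructed, and the CPE check is a simplified reading of the CPE 2.3 formatted-string binding, not the schema's cpe-lang:namePattern regular expression.

```python
import re

# Constructed, simplified check for the CPE 2.3 formatted-string binding
# (NISTIR 7695 sec. 6.2); it is NOT the schema's cpe-lang:namePattern regex.
_PART = re.compile(r"^[aho*-]$")
# One attribute value: "*" (ANY), "-" (NA), or a non-empty run of
# alphanumerics / . _ - with other punctuation backslash-escaped,
# optionally wrapped in leading/trailing ? or * wildcards.
_VALUE = re.compile(r"^(\*|-|(\?*|\*?)(?:[A-Za-z0-9._\-]|\\[^A-Za-z0-9])+(\?*|\*?))$")

def validate_cpe23(cpe: str) -> bool:
    """True if cpe has the 13-field CPE 2.3 formatted-string shape."""
    fields = re.split(r"(?<!\\):", cpe)  # ':' escaped as '\:' stays inside a value
    if len(fields) != 13 or fields[0] != "cpe" or fields[1] != "2.3":
        return False
    return bool(_PART.match(fields[2])) and all(_VALUE.match(f) for f in fields[3:])

def check_product_tree(products):
    """CSAF-5.1.2-style checks over a flat list of FullProductName entries:
    ProductID present and unique, CPE (when present) a valid 2.3 name.
    Returns a list of problem strings, empty when everything passes."""
    problems, seen = [], set()
    for p in products:
        pid = p.get("ProductID")
        if not pid:
            problems.append(f"missing ProductID for {p.get('name')!r}")
        elif pid in seen:
            problems.append(f"duplicate ProductID {pid!r}")
        seen.add(pid)
        cpe = p.get("CPE")
        if cpe is not None and not validate_cpe23(cpe):  # empty string fails too
            problems.append(f"invalid CPE on {pid!r}: {cpe!r}")
    return problems

# Constructed sample product tree (hypothetical vendor "example").
SAMPLE = [
    {"ProductID": "CVRFPID-0001", "name": "Example Router OS 2.3.1",
     "CPE": "cpe:2.3:o:example:router_os:2.3.1:*:*:*:*:*:*:*"},
    {"ProductID": "CVRFPID-0002", "name": "Example Agent 1.0",
     "CPE": "cpe:2.3:a:example:agent:1.0:-:*:*:*:*:*:*"},
    {"ProductID": "CVRFPID-0002", "name": "Example Agent 1.0 (duplicate id, CPE 2.2 URI)",
     "CPE": "cpe:/a:example:agent:1.0"},
    {"ProductID": "CVRFPID-0003", "name": "Example Console 4.0 (no CPE)"},
]

if __name__ == "__main__":
    for problem in check_product_tree(SAMPLE):
        print(problem)
```

Running the block reports the duplicate ProductID and the CPE 2.2 URI on the third entry; the entry without a CPE passes, since the attribute is optional.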
