Common Platform Enumeration

Common Platform Enumeration (CPE) is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.^[1]

The CPE Product Dictionary provides an agreed upon list of official CPE names. The dictionary is provided in XML format and is available to the general public. The CPE Dictionary is hosted and maintained at NIST, may be used by nongovernmental organizations on a voluntary basis, and is not subject to copyright in the United States.^[1]

The CPE follows this format, maintained by NIST:
cpe:<cpe_version>:<part>:<vendor>:<product>:<version>:<update>:<edition>:<language>

<cpe_version> is the version of the cpe definition. The current cpe_version is 2.3.
<part> may have 1 of 3 values:

    "a" for Applications
    "h" for Hardware
    "o" for Operating Systems

<vendor> name of the organization providing the system/ package/ component
<product> name of the system/ package/ component. Product and Vendor are sometimes identical. Does not contain spaces, slashes, or most special characters. Does contain underscore and hyphen/ minus sign.
<version> version of the system/ package/ component
<update>
<edition> a further granularity describing the build of the system/ package/ component, beyond version
<language>

Examples: (* is wildcard)

cpe:2.3:a:ntp:ntp:4.2.8:p3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_7:-:sp2:*:*:*:*:*:*

References

^ ^a ^b "NVD - CPE Dictionary". nvd.nist.gov. Retrieved 2017-02-15. This article incorporates text from this source, which is in the public domain.

External links

This computer security article is a stub. You can help Wikipedia by expanding it.

[NIST-1] "NVD - CPE Dictionary". nvd.nist.gov. Retrieved 2017-02-15. This article incorporates text from this source, which is in the public domain.

[1]