[debian][CPE] declaration of Debian CPE entry to MITRE
Philippe Thierry
phil at reseau-libre.net
Thu May 25 15:50:40 UTC 2017
Hello!
Yes, today is my SPAM day :)
I've got a question about the definition of the Debian OS distribution
CPE (Common Platform Enumeration) declaration to the MITRE.
Up to Debian (Debian GNU/Linux) 8.0, Debian has declared the OS
releases to the MITRE, and they are visible in the CPE search tool of the NIST:
https://nvd.nist.gov/products/cpe/search/results?keyword=debian_linux&status=FINAL&orderBy=CPEURI&namingFormat=2.3&startIndex=20
There are no more declarations for other versions (8.x, x > 0) or for
Debian/kfreeBSD.
As a SCAP Security Guide team member managing the Debian (& Ubuntu)
targets, the CPE entries of Debian are a requirement to support Debian as
a target for SCAP security policy compliance checks & remediations
(XCCDF benchmarks) and for various OVAL checks (e.g. CVE checks, much
like debsecan).
Do you know who is managing the declaration of the Debian
operating system to the MITRE?
Thanks!
--
Philippe.