Common Platform Enumeration

from Wikipedia, the free encyclopedia

Common Platform Enumeration (CPE) is an industry standard that defines a uniform naming convention for information technology systems, platforms and software packages. Together with CVE, its aim is to ensure that vulnerabilities in systems are identified unambiguously and in a comparable manner. The CPE standard consists of a syntax description for CPE names, a CPE language description for XML, an algorithm specification for comparing CPE names and a directory of all previously registered products (the CPE dictionary).

CPE is part of SCAP and is administered by NIST. CPE was originally promoted by the MITRE Corporation. In spring 2013, MITRE announced the handover to NIST.

Structure of the CPE names

Based on the generic syntax for URIs, the CPE standard contains a formal description of how a particular product is to be named. Each CPE name begins with “cpe:/”, followed by a letter to distinguish whether it is hardware (“h”), an operating system (“o”) or an application (“a”).

cpe:/{part}:{vendor}:{product}:{version}:{update}:{edition}:{language}

Example:

Vendor: redhat
Product: enterprise_linux
Version: 3
Revision: ga
Edition: it

results in cpe:/o:redhat:enterprise_linux:3:ga:desktop
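The following added example (not part of the original article and not the standard's official comparison algorithm) parses names in the format above and uses them to select hosts from an asset inventory, which is how CPE names are typically joined against vulnerability data. The helper names, the simplified "empty component matches anything" comparison and the inventory entries are assumptions made for illustration.

```python
from urllib.parse import unquote

# Component order taken from the template shown above.
FIELDS = ("part", "vendor", "product", "version", "update", "edition", "language")
PARTS = {"h": "hardware", "o": "operating system", "a": "application"}


def parse_cpe(name):
    """Split a 'cpe:/...' name into a dict of its seven components."""
    name = name.strip()
    if not name.lower().startswith("cpe:/"):
        raise ValueError("not a CPE name: missing 'cpe:/' prefix")
    values = name[len("cpe:/"):].split(":")
    if len(values) > len(FIELDS):
        raise ValueError("too many components: %d" % len(values))
    # Trailing components may be left off; treat them as empty (unspecified).
    values += [""] * (len(FIELDS) - len(values))
    # Split first, then decode percent-escapes, so an escaped ':' stays data.
    cpe = {f: unquote(v).lower() for f, v in zip(FIELDS, values)}
    if cpe["part"] not in PARTS:
        raise ValueError("part must be one of h, o, a; got %r" % cpe["part"])
    return cpe


def covers(pattern, candidate):
    """Simplified comparison (assumption): every component the pattern
    specifies must equal the candidate's; empty components match anything."""
    p, c = parse_cpe(pattern), parse_cpe(candidate)
    return all(p[f] == "" or p[f] == c[f] for f in FIELDS)


def matching_hosts(pattern, inventory):
    """Return the hosts whose recorded CPE name is covered by the pattern."""
    return sorted(h for h, name in inventory.items() if covers(pattern, name))


# Constructed inventory; only the first name comes from the article's example.
INVENTORY = {
    "ws-01": "cpe:/o:redhat:enterprise_linux:3:ga:desktop",
    "ws-02": "cpe:/o:redhat:enterprise_linux:4",
    "db-01": "cpe:/a:redhat:enterprise_linux:3",
}

if __name__ == "__main__":
    print(parse_cpe("cpe:/o:redhat:enterprise_linux:3:ga:desktop"))
    print(matching_hosts("cpe:/o:redhat:enterprise_linux:3", INVENTORY))
```

Because the part letter is compared like any other component, the application entry `db-01` is not selected by an operating-system pattern even though vendor, product and version are identical.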
