CPE - Common Platform Enumeration

Current Release: CPE Version 2.3

CPE™ is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise’s computing assets. CPE can be used as a source of information for enforcing and verifying IT management policies relating to these assets, such as vulnerability, configuration, and remediation policies. IT management tools can collect information about installed products, identify products using their CPE names, and use this standardized information to help make fully or partially automated decisions regarding the assets.

We encourage members of the information security community to participate in the CPE effort by joining the CPE Discussion List, or by contacting us directly at cpe@mitre.org.

Related Efforts

	Configurations (CCE) Vulnerabilities (CVE) Software Weakness Types (CWE) Attack Patterns (CAPEC) Cyber Observables (CybOX) Log Format (CEE) Software ID Tags (SWIDs) Malware (MAEC) Checklist Language (XCCDF) Assessment Language (OVAL) Security Content Automation (SCAP) Making Security Measurable

Latest News

Registration now open for MITRE’s Security Automation Developer Days 2012 on July 9-13

CPE Launches New Web Site

CPE Mentioned in Article about Updates to Guidelines for Adopting and Using Security Content Automation Protocol (SCAP) on GCN

TagVault.org Issues Report Focused on Integrating SWIDs with CPEs

CPE/Making Security Measurable booth at InfoSec World 2012

More News »

Upcoming Events

MITRE’s Security Automation Developer Days 2012, July 9-13

CPE/Making Security Measurable booth at Black Hat Briefings 2012, July 25-26

More Events »