about CPE	specification	dictionary	community	search

overview faqs use cases governance contact us

overview new work abbreviations tracker versioning

overview cpe dictionary

overview developer days discussion list list archive

A structured naming scheme for IT systems, platforms, and packages.

CPE Dictionary

The CPE Dictionary is the official collection of CPE Names. Its purposes are:

To provide a canonical source for all known CPE Names.
To bind descriptive metadata (such as a title and notes) to a CPE Name.
To bind diagnostic tests (such as an automated check to determine if a given platform matches the name) to a CPE Name.

The CPE Dictionary is hosted and maintained by the National Institute for Standards and Technology (NIST) as part of the National Vulnerability Database (NVD) program. NIST is responsible for ensuring that the CPE Dictionary conforms to the CPE Specification (currently at version 2.2), and for managing the content review and quality assurance processes.

Submission Process

CPE Names are created by the CPE community on an as-needed basis, and must be well-formed as determined by the CPE Specification. Community members who have a need for a new CPE Name should create a CPE-conformant name and submit it to the CPE Team for inclusion in the CPE Dictionary. The process is as follows:

Refer to the CPE Specification to develop your proposed CPE Name(s), making your best effort to create well-formed names. It is also recommended that you refer to the current CPE Dictionary (link below) for examples and precedents.
Prepare each CPE Name submission in valid CPE Dictionary XML form as defined by the CPE 2.2 Dictionary Schema, which can be downloaded from here. You may bundle multiple name submissions into a single XML file. We recommend that you run an XML Schema validator to ensure your submission validates against the CPE Dictionary Schema.
Send your submission via email to cpe_dictionary@nist.gov.
NIST will conduct a quality assurance review before adding new names to the CPE Dictionary. During this review, portions of a proposed CPE Name(s) may be changed based on research performed against the most credible vendor and product information resources available. No name should be considered accepted until it is published in the CPE Dictionary.
NIST will notify you when new CPE Names have been reviewed and approved.

CPE Dictionary Schema

Error reports and proposed content updates to the CPE Dictionary should follow the same submission process and are subject to the same QA process as new CPE Name submissions. They should be submitted in valid CPE Dictionary XML form and in a separate file from new CPE Name submissions.

Since CPE Names contain the names and versions of software and hardware products, vendor participation is critical to ensuring that product names are accurately represented in the CPE Dictionary. CPE is currently supported by many vendors who help validate the names of their products. Vendors who are interested in learning more about supporting CPE should contact the CPE Team at cpe@mitre.org.

Links

The current CPE Dictionary is available for search and download in XML form at: http://nvd.nist.gov/cpe.cfm.
Previous CPE Dictionary versions are available for download at: http://static.nvd.nist.gov/feeds/xml/cpe/dictionary/.

overview | cpe dictionary

	This Web site is sponsored and managed by The MITRE Corporation to enable stakeholder collaboration. Copyright © 2007-2012, The MITRE Corporation. CPE and the CPE logo are trademarks of The MITRE Corporation. All rights reserved. Contact Us \| Privacy policy \| Terms of use \| Search This Site