CPE Home Common Platform Enumeration: A structured naming scheme for IT systems, platforms, and packages
CPE Website is in "Archive" status — read the announcement
 

   

CPE Dictionary — Archive

The CPE Dictionary is the official collection of CPE Names. Its purposes are to:

  • Provide a canonical source for all known CPE Names.
  • Bind descriptive metadata (such as a title and notes) to a CPE Name.
  • Bind diagnostic tests (such as an automated check to determine if a given platform matches the name) to a CPE Name.

The CPE Dictionary is hosted and maintained by the National Institute for Standards and Technology (NIST) as part of the U.S. National Vulnerability Database (NVD) program. NIST is responsible for ensuring that the CPE Dictionary conforms to the CPE Specifications (currently at version 2.3), and for managing the content review and quality assurance processes.

Submission Process

CPE Names (also called CPE Identifiers, CPE-IDs, and CPEs) are created by the CPE Community on an as-needed basis, and must be well-formed as determined by the appropriate CPE Specifications. Community members who require a new CPE Name should create a CPE-conformant name and submit it to the CPE Team for inclusion in the CPE Dictionary. The process is as follows:

  1. Refer to the appropriate CPE Specifications to develop your proposed CPE Name(s), making your best effort to create well-formed names. It is also recommended that you refer to the current CPE Dictionary for examples and precedents.
  2. Prepare each CPE Name submission in valid CPE Dictionary XML form as defined by the CPE 2.2 Dictionary Schema, which is also included by NIST on its CPE Dictionary page. You may bundle multiple name submissions into a single XML file. We recommend that you run an XML Schema validator to ensure your submission validates against the CPE Dictionary Schema.
  3. Send your submission via email to cpe_dictionary@nist.gov.
  4. NIST will conduct a quality assurance review before adding new names to the CPE Dictionary. During this review, portions of a proposed CPE Name(s) may be changed based on research performed against the most credible vendor and product information resources available. No name should be considered accepted until it is published in the CPE Dictionary.
  5. NIST will notify you when new CPE Names have been reviewed and approved.

Error reports and proposed content updates to the CPE Dictionary should follow the same submission process and are subject to the same QA process as new CPE Name submissions. They should be submitted in valid CPE Dictionary XML form and in a separate file from new CPE Name submissions.

BACK TO TOP

Vendor Participation Encouraged

Since CPE Names contain the names and versions of software and hardware products, vendor participation is critical to ensuring that product names are accurately represented in the CPE Dictionary. CPE is currently supported by many vendors who help validate the names of their products.

Current Official Version

Go to the Official CPE Dictionary on NVD for searching and/or an xml download of the most current version, growth statistics, and other information. An archive of previous versions of the dictionary is also available.

BACK TO TOP

      

Page Last Updated: March 22, 2013