CPE Deprecated Dictionary integration - Security Database

This update is one of our biggest 'technical' updates. We will now fully handle the CPE Deprecated Dictionary made by NVD. Thousands of lines of code, tests, checks, rechecks and more. Again, our data quality, but also our alerts, will be greater.

But what is the "Deprecated CPE Dictionary"?

It means that when a CPE is no longer valid, we handle it automatically. We make the change in our database, for alerts, but also in your vDNA Monitoring pool. And, of course, we mail you when it impacts your products.

What does that mean? An example could be a simple version change:

  • cpe:/o:microsoft:windows_xp:sp3 became cpe:/o:microsoft:windows_xp::sp3 (notice the small change: Version goes to Edition)
  • cpe:/o:yahama:srt100:10.00.56 became cpe:/o:yamaha:srt100:10.00.56 (notice the vendor misspelling)

But sometimes a CPE disappears (deprecated by nothing):

  • cpe:/a:microsoft:visio:2000::enterprise no longer exists

Or changes completely:

  • cpe:/o:sun:solaris:5.9 became cpe:/o:sun:sunos:5.9
  • cpe:/o:sun:solaris:2.5.1 became cpe:/o:sun:sunos:5.5.1 (notice product and version change)

Before deprecation was introduced, we kept all CPEs, sometimes for good reasons but most of the time for bad ones. Now, we will follow the Dictionary.

But beware: the CPE 2.3 and 2.2 (NVD) Dictionaries are not perfect and contain errors.

For example, “Bluecoat Proxysg” exists in the Dictionary with 3 'Parts': Hardware + Application + OS, and with two or three naming versions:

  • cpe:/h:bluecoat:proxysg:6
  • cpe:/o:bluecoat:proxysg:6.2.16.4
  • cpe:/a:bluecoat:proxysg:6.5.8.7

(...)

This will be our next challenge: building our own deprecated CPE Dictionary that will sit under the official one.
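
As an added illustration (not Security-Database's own code), the sketch below applies a deprecation table to a monitored pool, using the CPEs quoted above as constructed sample data. It covers replacement, deprecation by nothing, and the multi-part ambiguity shown for Bluecoat ProxySG; the function names and the dictionary layout are assumptions.

```python
# Constructed deprecation table built from the examples quoted on this page.
# Key: deprecated CPE 2.2 URI; value: its replacement, or None when the
# entry was deprecated by nothing. The layout is an assumption.
DEPRECATED_BY = {
    "cpe:/o:microsoft:windows_xp:sp3": "cpe:/o:microsoft:windows_xp::sp3",
    "cpe:/o:yahama:srt100:10.00.56": "cpe:/o:yamaha:srt100:10.00.56",
    "cpe:/a:microsoft:visio:2000::enterprise": None,
    "cpe:/o:sun:solaris:5.9": "cpe:/o:sun:sunos:5.9",
    "cpe:/o:sun:solaris:2.5.1": "cpe:/o:sun:sunos:5.5.1",
}


def resolve(cpe, table=DEPRECATED_BY):
    """Follow the deprecation chain; return (current_cpe_or_None, status)."""
    seen = {cpe}
    current = cpe
    while current in table:
        nxt = table[current]
        if nxt is None:
            return None, "removed"        # deprecated by nothing
        if nxt in seen:                   # guard against a faulty dictionary
            raise ValueError(f"deprecation loop at {nxt}")
        seen.add(nxt)
        current = nxt
    return current, ("unchanged" if current == cpe else "replaced")


def migrate(pool, table=DEPRECATED_BY):
    """Rewrite a monitored pool; return (new_pool, changes_to_report)."""
    new_pool, changes = set(), []
    for cpe in sorted(pool):
        current, status = resolve(cpe, table)
        if current is not None:
            new_pool.add(current)
        if status != "unchanged":
            changes.append((cpe, current, status))
    return new_pool, changes


def multi_part_products(cpes):
    """Find vendor:product pairs listed under more than one part (h/o/a)."""
    parts = {}
    for cpe in cpes:
        part, vendor, product = cpe[len("cpe:/"):].split(":")[:3]
        parts.setdefault((vendor, product), set()).add(part)
    return {key: found for key, found in parts.items() if len(found) > 1}
```

The `changes` list is what would drive a notification to the owner of the pool, and `multi_part_products` flags entries that need a manual decision before any automatic rewrite.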

This update was a huge change for us. And of course, it was not simple. Why? Because NVD sometimes updates data but doesn't put it in the XML files. Without parsing the whole NVD database, nobody knows that a change exists.

So, OK, we rebuild our CVE database once a day. And with a lot of work, coding tips and a hardware upgrade, it takes us 35-45 minutes to complete! Yeah! 70.000 CVE in 35 min!

And of course, bug corrections, performance upgrades...

Hope you’ll like this update!
The Security-Database Team