I dont have any idea - its not something I've ever seen brought up on the mailing lists here.
It might be better to email the ASF security list http://www.apache.org/security/ Niall On Wed, Apr 16, 2014 at 3:01 AM, Bernd Eckenfels <e...@zusammenkunft.net>wrote: > Hello, > > can somebody tell me how CPE Entries (Product Dictionary, Common > Platform Enumeration) for Apache (Commons) products get populated in the > NVD. Is there somewhere an mapping from component to productname stored? > > And is there an option or plan to specify things like maven coordinates > or package names to allow further usefullness of product records? > > If not here, is this a infra- or a repository- topic? > > Sample: > > http://web.nvd.nist.gov/view/cpe/detail?keyword=fileupload&nonDeprecatedOnly=true&cpeId=191948 > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
