I dont have any idea - its not something I've ever seen brought up on the
mailing lists here.

It might be better to email the ASF security list

http://www.apache.org/security/

Niall


On Wed, Apr 16, 2014 at 3:01 AM, Bernd Eckenfels <e...@zusammenkunft.net>wrote:

> Hello,
>
> can somebody tell me how CPE Entries (Product Dictionary, Common
> Platform Enumeration) for Apache (Commons) products get populated in the
> NVD. Is there somewhere an mapping from component to productname stored?
>
> And is there an option or plan to specify things like maven coordinates
> or package names to allow further usefullness of product records?
>
> If not here, is this a infra- or a repository- topic?
>
> Sample:
>
> http://web.nvd.nist.gov/view/cpe/detail?keyword=fileupload&nonDeprecatedOnly=true&cpeId=191948
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
> For additional commands, e-mail: dev-h...@commons.apache.org
>
>

Reply via email to