CPE - Common Platform Enumeration

Current Release: CPE Version 2.3

CPE™ is a standardized method of describing and identifying classes of applications, operating systems, and hardware devices present among an enterprise’s computing assets. CPE can be used as a source of information for enforcing and verifying IT management policies relating to these assets, such as vulnerability, configuration, and remediation policies. IT management tools can collect information about installed products, identify products using their CPE names, and use this standardized information to help make fully or partially automated decisions regarding the assets.

We encourage members of the information security community to participate in the CPE effort by joining the CPE Discussion List, or by contacting us directly at cpe@mitre.org.

Related Efforts

	Configurations (CCE) Vulnerabilities (CVE) Software Weakness Types (CWE) Attack Patterns (CAPEC) Cyber Observables (CybOX) Log Format (CEE) Software ID Tags (SWIDs) Malware (MAEC) Checklist Language (XCCDF) Assessment Language (OVAL) Security Content Automation (SCAP) Making Security Measurable

Latest News

CPE/Making Security Measurable booth at 2012 Information Assurance Expo

CPE Referenced in Tagvault.org Article about Microsoft Announcing Support for SWIDs

CPE Briefing Slides from Security Automation Developer Days 2012 Now Available

More News »

Upcoming Events

CPE/Making Security Measurable booth and SCAP briefings at IT Security Automation Conference 2012, October 3-5

More Events »