----- Original Message -----
> From: "Shawn Wells" <[email protected]>
> To: [email protected]
> Sent: Thursday, October 20, 2016 2:45:39 PM
> Subject: Re: VMs, containers vs. bare-metal machines in SSG
>
> [snip]
>
> Really like the idea of CPEs. We can always work with NIST to get extra
> CPEs added.... but wouldn't that mean creation of redhat:docker,
> redhat:openshift, Docker:docker, pivotal:cloudfoundry, etc?

I'd like for SSG to be agnostic of the tech so I would go for CPE ID for container-image and that will be applicable when scanning docker images, rkt images, plain LXC images, etc... Same with vm-image, applicable on all offline virtual machine scanning, regardless of what is powering the VM or how it's stored.

--
Martin Preisler
Identity Management and Platform Security | Red Hat, Inc.
