Hello again,
I have kept been pondering on this topic for quite some time and have
after quite some thought come to the conclusion that the mismatch in
the CPE Name Matching actually is due to a wrong interpretion of the
specification on the side of the dependencytrack maintainers and by
extension
Hi Steve,
I don't think it makes much of a difference at this point. When looking
at the recipes in openembedded core (master), only a handful of recipes
provide the CVE vendor:
➜ meta git:(master) pwd
/home/jasper/git/openembedded-core/meta
➜ meta git:(master) gr
On Fri, Aug 25, 2023 at 9:18 AM Jasper Orschulko via
lists.openembedded.org
wrote:
>
> Hi Richard,
> hi all,
>
> I want to address a flaw in the current CPE generation functionality in
> openembedded, which renders the CPEs unusable in regards to the minimal
> requirements of the NIST CPE Name Mat
Hi Richard,
hi all,
I want to address a flaw in the current CPE generation functionality in
openembedded, which renders the CPEs unusable in regards to the minimal
requirements of the NIST CPE Name Matching Specification standard
(https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7696.pdf).
This