CPE and pURL: Identifying the vulnerable software
Being able to uniquely identify the application or software that is vulnerable is crucial. It tells us when we are using vulnerable software and need to consider patching it or remediating the vulnerability in another way. The CPE and pURL schemes are two ways of doing this. The CPE is more universal, while the pURL is more suitable for open source software. In this part of the course, we will look at how these two schemes are used to identify a piece of software or an application.

Dive deeper into the topic on our blog: Vulnerabilities in Dependencies, Third Party Components and Open Source: What you need to know - https://debricked.com/blog/vulnerabilities-dependencies/

Debricked | Your Partner in Open Source https://debricked.com/

Chapters:
0:00 Intro
0:23 What is the CPE and how to read it
3:13 What is the Package URL/pURL and how to read it

Debricked is the small voyager with huge ambitions to not only become the best software composition analysis tool in the universe but to bring SCA 2.0 to the game.

Actionability - Debricked SCA doesn't only show you what security vulnerabilities you have, the tool also helps you fix them with either a simple click or a remediation suggestion.

Data quality - The Debricked tool is based on state-of-the-art machine learning algorithms, making the data quality absolutely top of the game. This means fewer false positives and minimal false alerts.

Open source intelligence - Debricked doesn't only help you analyze and fix vulnerabilities and ensure license compliance, the tool also helps you better understand the health of the open source projects your developers use.
Further resources:
The Debricked Blog ‣ https://debricked.com/blog/
The Debricked Portal ‣ https://portal.debricked.com/
Open Source Select ‣ https://debricked.com/select/
Vulnerability Database ‣ https://debricked.com/vulnerability-database

Connect with us:
LinkedIn ‣ https://www.linkedin.com/company/debricked/
Twitter ‣ @debrickedab
Instagram ‣ @debricked

#Debricked #OpenSource #OpenSourceSecurity
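How the two identifiers covered in the chapters above are read, shown as an added example that is not part of the original description or Debricked's own code. It goes beyond the description by spelling out the CPE 2.3 formatted-string fields and the Package URL components; the function names and the sample identifiers are constructed for illustration.

```python
import re
from urllib.parse import unquote

CPE_FIELDS = ("part", "vendor", "product", "version", "update", "edition",
              "language", "sw_edition", "target_sw", "target_hw", "other")

def parse_cpe23(cpe):
    """Split a CPE 2.3 formatted string into its 11 named attributes."""
    # Split on ':' unless it is escaped with a backslash (e.g. 'foo\:bar').
    tokens = re.split(r"(?<!\\):", cpe)
    if tokens[:2] != ["cpe", "2.3"] or len(tokens) != 13:
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    fields = dict(zip(CPE_FIELDS, tokens[2:]))
    # part: a = application, o = operating system, h = hardware
    if fields["part"] not in ("a", "o", "h", "*", "-"):
        raise ValueError(f"unknown CPE part: {fields['part']!r}")
    return fields

def parse_purl(purl):
    """Split pkg:type/namespace/name@version?qualifiers#subpath into a dict."""
    scheme, sep, rest = purl.partition(":")
    if not sep or scheme.lower() != "pkg":
        raise ValueError(f"not a package URL: {purl!r}")
    rest, _, subpath = rest.partition("#")      # optional, rightmost component
    rest, _, query = rest.partition("?")        # optional key=value qualifiers
    ptype, sep, rest = rest.strip("/").partition("/")
    version = ""
    if "@" in rest:                             # a literal '@' in a name is %40
        rest, _, version = rest.rpartition("@")
    namespace, _, name = rest.rpartition("/")   # namespace may be empty
    if not ptype or not name:
        raise ValueError(f"purl needs at least a type and a name: {purl!r}")
    pairs = (p.partition("=") for p in query.split("&") if p)
    return {
        "type": ptype.lower(),
        "namespace": unquote(namespace) or None,
        "name": unquote(name),
        "version": unquote(version) or None,
        "qualifiers": {k.lower(): unquote(v) for k, _, v in pairs},
        "subpath": subpath.strip("/") or None,
    }

# Sample identifiers constructed for this example.
SAMPLE_CPE = "cpe:2.3:a:apache:log4j:2.14.1:*:*:*:*:*:*:*"
SAMPLE_PURLS = ["pkg:maven/org.apache.logging.log4j/log4j-core@2.14.1?type=jar",
                "pkg:npm/%40angular/core@12.0.0"]

if __name__ == "__main__":
    print(parse_cpe23(SAMPLE_CPE))
    for p in SAMPLE_PURLS:
        print(parse_purl(p))
```

The CPE names a vendor and product as catalogued in a vulnerability database, while the pURL names the package as it appears in its ecosystem's registry, which is why the same component can carry both identifiers.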