Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST Workshop on Hardware CPE and CVSS Updates

NIST Workshop on Hardware CPE and CVSS Updates
Credit: NIST Workshop on Hardware CPE and CVSS Updates

NIST is hosting a one-day workshop on hardware representation in the Common Platform Enumeration (CPE) and on how the Common Vulnerability Scoring System (CVSS) applies to hardware. The workshop will discuss NIST's plans and potential updates in these areas and gather community feedback from hardware vendors, vulnerability analysts, security-tool developers, National Vulnerability Database (NVD) users, and standards participants across government and industry.

Topics will include the current state of hardware coverage in NVD and CPE, plans and potential changes to CPE for hardware representation, CVSS considerations specific to hardware, and how the community can engage with this work going forward. The workshop is part of NIST's CHIPS Metrology and Computer Security Division (CSD) effort to improve how hardware products are identified and how their vulnerabilities are scored.

The event will be held at the NIST National Cybersecurity Center of Excellence (NCCoE) in Rockville, Maryland, with a virtual attendance option.

For more information about NVD CPE, please visit the NVD CPE page. For CPE development and access to the public comments forum, contact cpe-dev [at] list.nist.gov (cpe-dev[at]list[dot]nist[dot]gov).

If you have questions regarding the workshop, please contact cpe-workshop [at] nist.gov (cpe-workshop[at]nist[dot]gov).

View/Download Agenda (PDF)

Time (ET)SessionLead
10:00 – 10:15 a.m.Welcome & framingKevin Stine (NIST)
10:15 – 10:45 a.m.Why CPE is being revised (the issues)Dragos Prisaca (NIST)
10:45 – 11:15 a.m.CPE 3.x: issues & directionsHarold Booth (NIST)
11:15 – 11:30 a.m.Break 
11:30 a.m. – 12:00 p.m.Identifying & matching hardwareLexi Selldorff (Manifest Cyber)
12:00 – 1:00 p.m.Facilitated morning discussion – open discussion of the morning talks; share your hardware use cases and what you would want from a revised CPE. Input-gathering, not approval.Facilitator: JP Chalpin (CyberESI)
1:00 – 2:00 p.m.Lunch 
2:00 – 2:45 p.m.Panel: Identify hardware and vulnerabilities in practice

Moderator: Kostas Amberiadis (NIST) 

  • Daniel O'Loughlin (Qualcomm)
  • Arun Kanuparthi (Intel)
  • Ankur Srivastava (UMD)
  • Swarup Bhunia (UF)
2:45 – 3:00 p.m.Break 
3:00 – 3:45 p.m.Panel: Severity scoring & hardware

Moderator: Kostas Amberiadis (NIST) 

  • Jonathan Spring (SSVC)
  • Jay Jacobs (EPSS)
  • Michael Zuzak (RIT)
  • JV Rajendran (TAMU)
3:45 – 4:00 p.m.Closing & next steps 

 

Created May 20, 2026, Updated June 22, 2026
Was this page helpful?