Contents described in this part just provide background information on the present exemplary embodiment and do not configure the prior art.
Security vulnerability included in software may be easily abused in attacking a computer system. Attackers may perform malicious actions by identifying web services having vulnerable security by means of Internet scan tools. Accordingly, security managers need to be able to well know opened vulnerabilities and rapidly cope with the vulnerabilities.
A National Vulnerability Database (NVD) provides common vulnerabilities and exposures (CVE) information so as to easily share known security vulnerability information. The CVE provides a method for referring to the security vulnerability information of a software package and is constituted by a vulnerability overview, a common vulnerability scoring system (CVSS), a vulnerability occurrence product name (common platform enumeration (CPE)), a vulnerability type (common weakness enumeration (CWE)), and the like.
In a method for generating the CPE information in the related art, since the CPE information is generated by searching for product information based on a pattern (“Integer.Integer.Integer”) of a product version, there is a limit in analyzing various CPE candidates.
A method and an apparatus that provide information on a CPE type computer system for overcoming the limit and interlocking with CVE vulnerability information have not yet been implemented.