While the Vendor List might not be complicated, it is rather important to the asset table that this be maintained correctly. Here are the fields that must be reviewed each quarter.

Problem Status (UCF_Vendor_Naming_Problems)

There are a myriad of problems that can happen with these names.

• Editorial change - The most common problem is a spelling or spacing issue. If the change was done because of that, mark the record as having an editorial change.

• Genealogy change - The second-most common problem is that one organization acquired another and the genealogy for the organization that was acquired has to be reset.

• CPE name is actually a duplicate of a vendor name - We've found several names that once capitalization or spelling was corrected, were the same thing.

• Deprecated by acquisition or merger (see deprecated by) - When this happens, two vendors could go from being Alcatel and Lucent to a single vendor named Alcatel-Lucent. Many times the vendor being acquired simply "disappears" during the acquisition process. When this happens, all named references to the vendor's original name are gone, being replaced by that of the acquiring vendor. Other times the vendor being acquired has maintained a very strong brand which the acquiring vendor wishes to keep. Therefore, the list has to take account of a hierarchical name such as Adobe's Macromedia, or Cisco's Linksys. Because the CPE list is not hierarchical in nature, this type of naming just didn't take place. The UCF system does have a hierarchical taxonomy and can track vendor acquisitions and naming.

• Name does not follow standard naming convention taxonomy rules - The vendor's name must be reflective of the vendor's domain in some form or fashion. Network Frontiers is reflected (mostly) in the domain Netfrontiers.com. We've found some records where the CPE name was one thing and the domain name was something completely different. Our taxonomy rules call for the vendor name to reflect the domain name or the acquiring organization's name.

• Name refers to a product instead of an organization - Some times the CPE name provided is actually that of a product and not a vendor. This would be incorrect and would have to be changed.

• No domain or contact found for organization name - Some times the CPE name doesn't provide any information to find the vendor. There have been a couple of records within the CPE list that we simply couldn't verify because there was no domain information to be found, no contact person to be found, or no match between a product and a name. This leads us to believe that those organizations have either gone out of business or changed their names. The database has to allow for simple deprecation due to the business being gone. When this happens, the record must be deprecated and listed as an unvalidated name.

• Refers to an individual supporting a product instead of an organization - If the CPE name refers to a person and not even a "dot org" type of organization, then the UCF team cannot validate the record and must deprecate it.

CPE Vendor Name (UCF_CPE_Vendor_Name)

This field is a reference field only and cannot be changed by the reviewer. If there is a name in the field, the name came from the CPE list as maintained by MITRE and NIST. If not, then we didn't get a vendor name from them and it should be left blank.

Vendor Domain (UCF_Vendor_Domain)

The only real way to check out the vendor information is to go to their site. If this field contains a domain name, then you'll want to go to that URL and check the spelling and capitalization of the vendor's name.

Reviewer's role

If the domain does not exist, you'll need to Google the vendor's name and see what you can find and then enter the domain in this field.

Set the Naming Problems field to include Editorial change.

UCF Vendor Name (UCF_Vendor_Name)

Once there's a URL in the previous field, go to that URL and check the name of the vendor in this field against the way it is spelled and capitalized on the vendor's website. Ensure you are also checking for spacing (sometimes there isn't any between words) and capitalization of letters half-way through the title (like WinZip).

Reviewer's role for making simple changes

Make any and all changes in spelling, capitalization, and spacing. Set the Naming Problems field to include Editorial change.

Reviewer's role if the domain doesn't match the vendor's name

If you get to the domain and the website has some other vendor's name, then more than likely the original vendor was either acquired, merged, or still exists but sold the product (and its original domain) to a different vendor. In that case, you'll need to look up the vendor currently referenced on the website in our list of vendors.

If another vendor matches the name referenced on the current website

If you do find the vendor in the list, then you'll need to enter the Vendor ID field of the correct vendor into the Deprecated By field on the Editorial Pane.

Set the Naming Problems field to include Editorial change.

If no other vendor matches the name referenced on the current website

If you do not find a vendor matching the name you found on the website, you'll need stop editing that record in order to add a new vendor to the list and fill out all of the information about the vendor that you can find.

Once you've added the new vendor, you'll need to go back to the record you were editing and mark the record as being deprecated by the new vendor's ID by entering the Vendor ID field of the newly added vendor in the Deprecated By field on the Editorial Pane of the record you are editing.

Set the Naming Problems field to include Deprecated by acquisition or merger (see deprecated by).

If the name refers to a product instead of an organization

Some times the old vendor's name might be kept, not as a vendor name but as a product name. When that happens correct the vendor name as you did above by entering the Vendor ID field of the correct vendor into the Deprecated By field on the Editorial Pane.

In that case you'll want to set the Naming Problems field to include Name refers to a product instead of an organization.

UCF Genealogy (UCF_Vendor_Genealogy) and UCF Sort ID

If the domain does match the vendor's name, it doesn't automatically mean that the genealogy is correct. All records are set so that there is no genealogical inheritance. However, if an organization like Oracle acquires Sun (and Sun keeps its domain), then Sun must be subordinated in our hierarchical list under the acquiring organization, Oracle.

Reviewer's role

How you do that is find the acquiring organization's record and ID, then add the acquiring organization's record ID to the current record's Vendor Genealogy. This will also reset the sort order.

Set the Naming Problems field to include Genealogy change.