Security firm Rapid7 has been designated as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA).
The designation means that Rapid7 will now be able to assign CVE numbers to vulnerabilities found in Rapid7’s and any other vendors’ products, whether they are disclosed by Rapid7 or third-party researchers. CVEs assigned by Rapid7 will be added to the CVE list, an enumeration of information security vulnerabilities and exposures that provides a singular way of identifying publicly known cybersecurity issues.
The goal of CVE is to make it easier to share data across separate vulnerability tools, repositories and services with standardized identifiers for given vulnerabilities or exposures. The common identifiers allow users to quickly and accurately access information about a problem across multiple information sources that are CVE-compatible.
The MITRE Corp (MITRE) manages and maintains the CVE list with assistance from the CVE Board. MITRE is a not-for-profit operator of seven federally funded research and development centers, and its mission is to work in the public interest. Its unique role allows them to provide an objective perspective with regard to disclosed vulnerabilities.
“We are honored to become a CNA and look forward to collaborating with MITRE, who have impressed us with their efforts to evolve the CVE program to meet ever-increasing needs,” said Corey Thomas, president and CEO at Rapid7. “Our support of reasonable disclosure practices is driven by our deep-seated commitment to supporting and empowering the community. Our goal is twofold: help improve and mature the security practices of vendors and manufacturers, while educating users on risk, so they can make informed decisions.”
Photo © Billion Photos