Cyber Security Works becomes a CVE Numbering Authority
Posted on 3rd Nov, 2020 | By Sumeetha Manikandan
Cyber Security Works (CSW) has been successfully admitted by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA). This recognition allows Cyber Security Works to assign CVE Identifiers (CVE IDs) to vulnerabilities in programming languages and products and help the Cyber Security Industry remain secure. CSW is the second company in India to receive this recognition.
CVE Numbering Authority (CNA)
CVE is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. The CVE IDs assigned through the registry that enables program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
CNAs are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.
The CVE List is built by CNAs. Every CVE Record added to the list is assigned by a CNA and the CVE List feeds the U.S. National Vulnerability Database (NVD).
Identification of Vulnerabilities
Identifying vulnerabilities fast to expedite fixes and patches has become critical today. As one of the CVE Program's CNA partners, CSW can help vulnerability management by validating vulnerabilities and mitigating risk from threat actors. CSW since its inception in 2008 has responsibly disclosed 45 zero days to the CVE Program.
Ram Movva, President & Co-founder of CSW said, “We have long aspired to be the voice for responsible disclosure from the Indian subcontinent and the rest of Asia. India has a huge number of bug bounty hunters and we would like to be their gateway to disclose their findings and encourage them through rewards. Getting recognized as a CNA is an important step towards a global effort in vulnerability management and we are excited to be a part of this program.”
"I am absolutely delighted to see the CVE program secure a foothold in India with the onboarding of CSW as a new CNA. We've long aspired to be a truly international organization and getting input from more diverse sources of technical expertise is critical to maintaining CVE's ongoing relevance in a global environment of promoting enhanced cybersecurity for everyone." - Tod Beardsley, Research Director at Rapid7 and CVE Board member.
Reach out to us if you have found a new vulnerability firstname.lastname@example.org and our team will validate your findings.