Sophos Named Common Vulnerability and Exposure Numbering Authority
January 2021 by Marc Jacob
Sophos announced that it has been named a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) in the CVE program, a recognized international standard for identifying and naming cybersecurity vulnerabilities. With this status, Sophos is authorized to assign CVE identification to unique vulnerabilities within the scope of its products. Security researchers can now work directly with Sophos to open CVEs for the company’s products, making the process of reporting issues and assigning CVEs more straightforward.
The CVE program is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. The program catalogs CVEs in a publicly available registry that is available to security researchers, vulnerability disclosers and information technology vendors. Using a common identifier makes it easier to share and cross-check data across the industry’s several and separate security databases and tools that track vulnerabilities.
“The Common Vulnerabilities and Exposures Team welcomes Sophos as our newest CVE Numbering Authority. Sophos has a strong reputation of contributing to the global digital security community, producing antivirus, encryption and cybersecurity capabilities for over 30 years. Their experience brings real value to the CVE Program. We are very pleased to have Sophos as a contributing member of the CVE Team,” said Kent Landfield, CVE board member.
Common Vulnerabilities and Exposures (CVE®) is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. The CVE IDs assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. The CVE Program currently has 149 CNA’s in 25 countries, globally across technologies and services.