Keeper Security has announced it has been authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Keeper is the first password management company to join this global effort to identify, define and catalogue publicly disclosed cybersecurity vulnerabilities.
As a CNA, Keeper has the ability to directly assign CVE IDs and publish CVE records for vulnerabilities discovered in its own source code and vulnerabilities in third-party software discovered by the Keeper team that are not in another CNA’s scope.
Keeper can then publish that information via the CVE List, which information technology and cybersecurity professionals around the world use to coordinate their efforts to prioritise and address the vulnerabilities.
“Becoming a CNA partner highlights our ongoing commitment to the responsible disclosure of potential security issues,” said Craig Lurey, CTO and Co-Founder of Keeper Security. “Our mission is to provide the world’s most secure and innovative cybersecurity software, and we believe that programs like CVE are a vital component to ensuring the security of all digital products and services people rely on.”
CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA uses the CVE List to compile its Known Exploited Vulnerability Catalogue, which organisations use to prioritise remediation of listed vulnerabilities, reducing the likelihood of compromise by known threat actors.
The CVE List also feeds into the National Institute of Standards and Technology (NIST) U.S. National Vulnerability Database, which is the government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol.