Software company, Synopsys has announced its designation as a CVE Numbering Authority (CNA) by the CVE Program. The group is now authorised to assign CVE identification numbers to newly discovered vulnerabilities and publish information about the vulnerabilities in the associated CVE records.
“We’re excited to take this next step in our progression as a good steward of the broader software ecosystem,” said Jason Schmitt, general manager of the Synopsys Software Integrity Group. “As a leader in application security, vulnerability research is part of our DNA. As a CNA, we can more effectively and efficiently disseminate the results of our research to our customers and the software community in general—for both newly discovered vulnerabilities and existing CVE records that may be inaccurate or incomplete.”
The CVE Program is an international, community-based program whose mission is to identify, define, and catalogue publicly disclosed cybersecurity vulnerabilities. As a newly designated CNA, Synopsys can streamline the process of publishing accurate and timely vulnerability information it uncovers to the public.
“The identification and availability of accurate and timely vulnerability information is essential when protecting the software supply chain,” said Christopher Fearon, Director of Research Engineering for the Synopsys Software Integrity Group.
“As we expand our vulnerability research and development efforts within Synopsys CyRC, the direct nature of disclosing vulnerabilities as a CNA adds an increased level of transparency and speed to our research capabilities.”