© 2024 CoolTechZone - Latest tech news,
product reviews, and analyses.

ENISA appointed as CVE Numbering Authority

ENISA, the EU Agency for Cybersecurity, is expanding its support to European Computer Security Incident Response Teams (CSIRTs) for coordinated vulnerability disclosure. As of Wednesday, the agency is authorized to assign CVE codes to software exploits.

‘CVE’ is an abbreviation that stands for Common Vulnerabilities and Exposures. Simply said it’s a list with known security vulnerabilities in software, which is publicly available.

You can recognize these exploits by looking at the CVE ID. A CVE ID starts with the letters CVE, followed by the year and a five-digit number. The CVE ID makes it easier to track vulnerabilities, exchange information and assess security products and other software.

The MITRE Corporation founded the CVE database to identify, define and catalog disclosed cybersecurity vulnerabilities. The database currently contains over 235,000 CVE records.

Reporting and addressing vulnerabilities more effectively

Not just anybody can add a CVE ID to the CVE database. In order to do that, you need to be a CVE Numbering Authority (CNA).

A CNA is a consortium of parties -like vendors, security researchers and bug bounty providers- that is authorized by MITRE Corporation’s CVE Program to assign CVE IDs to vulnerabilities and publish these records within their own specific scopes of coverage.

ENISA has actively been working on developing mechanisms to encourage the use of Coordinated Vulnerability Disclosure (CVD). To promote CVD policies at a national level, ENISA had published guidelines, recommendations and analyses. Numerous EU Member States have now successfully implemented CVD policies.

In order to report and assess vulnerabilities more effectively, ENISA has officially been appointed as a CVE Numbering Authority.

Hans de Vries, Chief Cybersecurity Officer and Operating Officer (COO), is pleased with this new role. “We all rely on software and services in our daily lives. However, software can have vulnerabilities that disrupt use or open doors for potential misuse. Recognising and addressing these vulnerabilities promptly is crucial to ensuring our digital security,” he says in a statement.

As of this moment, there are 382 CNAs from 40 countries in the CVE Program.

Leave a Reply

Your email address will not be published. Required fields are marked