With Sophos, the CVE program has recognized a new authorized participant as a (Common Vulnerability and Exposure) Numbering Authority.
Sophos has been recognized as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) in the CVE program. The CVE is an international standard for identifying and naming cybersecurity vulnerabilities. Upon inclusion, Sophos is entitled to issue internationally valid CVE IDs for security gaps in its products. The benefit is that security researchers can now work directly with Sophos to assign CVEs for the company's products. This simplifies the reporting processes and the assignment of CVEs.
Vulnerability register CVE
The CVE program is an international collaborative project that uses CVEs to keep an open register of vulnerabilities. It is available to security researchers and information technology providers. The use of a common name makes it easier to use and compare data between different security databases and tools that find and list vulnerabilities.
“Sophos 'new status in the CNA is part of Sophos' transparency initiative. The ability to assign CVEs enables us to provide the industry with relevant information about our products more quickly. This enables companies to quickly assess security issues, determine the level of urgency and prioritize updates, ”said Ross McKerchar, vice president and chief information security officer at Sophos. “Sophos' CVEs are also included in the industry's many CVE-compliant databases. By working with others on these databases, we can work together to improve protection against dangerous attackers. "
Sophos as a CVE team member
“The Common Vulnerabilities and Exposures team welcomes Sophos as our newest CVE Numbering Authority. Sophos has a strong reputation in the global digital security community and has provided antivirus, encryption and cybersecurity solutions for over 30 years. The Sophos experience is a real asset to the CVE program. We are very excited to have Sophos as an active member of the CVE team, ”said Kent Landfield, member of the CVE board of directors.
Via the CVE program
Common Vulnerabilities and Exposures (CVE®) is an international, community-based project that maintains a community-operated, open data registry for vulnerabilities. The CVE IDs assigned via the registry enable program participants to quickly discover and correlate information about vulnerabilities that are used to protect systems from attacks. The CVE program currently has 149 CNAs in 25 countries worldwide and across technologies and services.
More on this at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.