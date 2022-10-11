Global CVE Program Helps to Discover and Publish Publicly Disclosed Security Vulnerabilities

SAN FRANCISCO, Oct. 11, 2022 /PRNewswire/ -- Bugcrowd, the leader in crowdsourced cybersecurity, today announced it has been authorized by the CVE Program as a CVE Numbering Authority (CNA).

The Common Vulnerabilities and Exposures (CVE®) Program is an international, community-based effort that relies on the community to discover vulnerabilities. The mission of CVE is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. The discovered vulnerabilities are then assigned and published to the CVE List, which feeds the U.S. National Vulnerability Database (NVD).

There is one CVE Record for each vulnerability in the catalog. The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. The CVE List is built by CVE Numbering Authorities (CNAs) and every CVE Record added to the list is assigned by a CNA.

CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.

"Bugcrowd is proud to be authorized as a CVE Numbering Authority by the CVE Program, and we're very excited to be working even more closely with the international security community to align our efforts in identifying and cataloging dangerous vulnerabilities," said Casey Ellis, Founder and Chief Technology Officer of Bugcrowd.

Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. CVE enables two or more people or tools to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings.

The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world. CVE Working Groups develop the program's policies (approved by the CVE Board) and are open to the community.

CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA funds the Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS Federally Funded Research and Development Center (FFRDC) operated by The MITRE Corporation, to operate the CVE Program in cooperation with industry, government, and academic stakeholders under a public/private partnership.

