Bugcrowd, the pioneer in crowdsourced cybersecurity announced it has been authorised by the CVE programme as a CVE Numbering Authority (CNA).
CVE programme
The Common Vulnerabilities and Exposures (CVE(r)) programme is an international, community-based effort that relies on the community to discover vulnerabilities.
The mission of CVE is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. The discovered vulnerabilities are then assigned and published to the CVE List, which feeds the U.S. National Vulnerability Database (NVD).
CVE Record
CNAs are organisations responsible for the regular assignment of CVE IDs to vulnerabilities
There is one CVE Record for each vulnerability in the catalog. The CVE Records published in the catalog enable programme stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. The CVE List is built by CVE Numbering Authorities (CNAs) and every CVE Record added to the list is assigned by a CNA.
CNAs are organisations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.
CVE Numbering Authority
"Bugcrowd is proud to be authorised as a CVE Numbering Authority by the CVE programme, and we're very excited to be working even more closely with the international security community to align our efforts in identifying and cataloging dangerous vulnerabilities," said Casey Ellis, Founder and Chief Technology Officer of Bugcrowd.
Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue and to coordinate their efforts to prioritise and address the vulnerabilities.
CVE enables two or more people or tools to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings.
CVE Working Groups
CVE Working Groups develop the programme's policies and are open to the community
The CVE Board, which drives the direction of the CVE programme, consists of industry, academic, and government representatives from around the world. CVE Working Groups develop the programme's policies (approved by the CVE Board) and are open to the community.
CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
Public/private partnership
CISA funds the Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS Federally Funded Research and Development Center (FFRDC) operated by The MITRE Corporation, to operate the CVE programme in cooperation with industry, government, and academic stakeholders under a public/private partnership.
"Bugcrowd" and "Bugcrowd Security Knowledge Platform" are trademarks of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.