Secur0 becomes a CNA for the CVE Program
As a CNA authorized by the CVE™ Program, Secur0 can now assign CVE IDs and integrate CVE management into its triage, validation, and coordinated disclosure workflow.
We have been authorized as a CNA (CVE Numbering Authority) by the CVE™ Program.
This means that Secur0 can now assign CVE Identifiers (CVE IDs) to eligible vulnerabilities and participate directly in the process of coordination and publication of CVE Records for publicly disclosed vulnerabilities.
The CVE Program provides a global standard to identify and catalog cybersecurity vulnerabilities. CVE IDs allow researchers, organizations, and security teams to talk about the same issue consistently, facilitating the prioritization, coordination, and remediation of vulnerabilities.
For Secur0, becoming a CNA is not only about assigning identifiers. It also allows integrating CVE management within the same workflow where triage, technical validation, and coordination of disclosure take place.
This helps simplify processes for organizations managing Vulnerability Disclosure Policy (VDP), bug bounty, or coordinated disclosure programs, reducing coordination times and improving communication among all involved parties.
The assignment of CVEs will remain a coordinated process. Secur0 will determine which vulnerabilities in its CNA scope will receive a CVE, and publication will depend on the organization's criteria, the program's policies, and the context of the vulnerability.
Improving vulnerability coordination As a CNA, Secur0 seeks to facilitate the path between the discovery and the remediation of vulnerabilities through:
- More agile coordination processes
- Less reliance on third parties
- Better traceability and consistency
- More efficient communication between researchers and organizations
This step reinforces Secur0's commitment to creating tools and processes that make vulnerability management more efficient and accessible for companies and researchers.
About Secur0 Secur0 is a company specialized in offensive cybersecurity that facilitates the connection between companies and the ethical hacking community. Its mission is to detect security flaws before attackers do, actively contributing to building a safer digital ecosystem for everyone.
About the CVE Program The mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.