Bugcrowd Recognized as Security Numbering Authority for Common Vulnerabilities and Exposures
Global CVE Program Helps to Discover and Publish Publicly Disclosed Security Vulnerabilities
The Common Vulnerabilities and Exposures (CVE®) Program is an international, community-based effort that relies on the community to discover vulnerabilities. The mission of CVE is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. The discovered vulnerabilities are then assigned and published to the CVE List, which feeds the U.S. National Vulnerability Database (NVD).
There is one CVE Record for each vulnerability in the catalog. The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. The CVE List is built by CVE Numbering Authorities (CNAs) and every CVE Record added to the list is assigned by a CNA.
CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.
“Bugcrowd is proud to be authorized as a CVE Numbering Authority by the CVE Program, and we’re very excited to be working even more closely with the international security community to align our efforts in identifying and cataloging dangerous vulnerabilities,” said Casey Ellis, Founder and Chief Technology Officer of Bugcrowd.
Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. CVE enables two or more people or tools to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings.
The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world. CVE Working Groups develop the program’s policies (approved by the CVE Board) and are open to the community.
CVE and the CVE logo are registered trademarks of The MITRE Corporation. CVE is sponsored by U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA funds the Homeland Security Systems Engineering and Development Institute (HSSEDI), a DHS Federally Funded Research and Development Center (FFRDC) operated by The MITRE Corporation, to operate the CVE Program in cooperation with industry, government, and academic stakeholders under a public/private partnership.
“Bugcrowd” is a trademark of Bugcrowd Inc. and its subsidiaries. All other trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
Bugcrowd is the leading provider of crowdsourced cybersecurity solutions purpose-built to secure the digitally connected world. Today’s enterprise demands an offensive approach to cybersecurity—and Bugcrowd offers the only solution that orchestrates data, technology, and human intelligence to expose blind spots. The Bugcrowd Security Knowledge Platform™ enables businesses to do everything proactively possible to protect their organization, reputation and customers with products like Bug Bounty, Penetration Testing-as-a-Service, and more. Trusted by organizations across the globe, Bugcrowd uncovers and remediates vulnerabilities before they interrupt business by leveraging expert ingenuity and the knowledge of world-class security researchers. Based in San Francisco, Bugcrowd is backed by Blackbird Ventures, Costanoa Ventures, Industry Ventures, Paladin Capital Group, Rally Ventures, Salesforce Ventures and Triangle Peak Partners. Learn more at www.bugcrowd.com.
Lisa Bergamo, Bugcrowd
Lumina Communications for Bugcrowd