Cybellum, an automotive cybersecurity risk assessment company that develops automated vulnerability detection technology for software security and risk assessment, announced that it has joined the CNA (CVE Numbering Authority) program.
CVE is a dictionary that provides definitions for publicly disclosed cybersecurity vulnerabilities and exposures. The goal of CVE is to make it easier to share data across separate vulnerability capabilities by using these common definitions. It is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
The company’s cybersecurity experts will now contribute to CVE by disclosing and reporting vulnerabilities and assigning CVEs to them. With this nomination, the company joins some of the world’s top technology and cybersecurity corporations in advancing the cybersecurity community.
CVE Numbering Authorities (CNAs) are organizations from around the world authorized to assign CVE IDs to vulnerabilities affecting products within their scope, for inclusion in first-time public announcements of new vulnerabilities. These CVE IDs are then provided to researchers, vulnerability disclosure organizations, and information technology vendors. The U.S. National Vulnerability Database (NVD) is also fed by CVE.
The CVE List was launched by MITRE as a community effort in 1999, and since then only 110 firms and organizations globally have joined the effort. Among the members of the CNA program are the world’s top technology corporations. Until now, however, the automotive cybersecurity industry has not been a focus area.
“With the entrance of connected cars and upcoming autonomous vehicles to the market, comes the responsibility of automotive OEMs and suppliers to properly manage the cybersecurity risks that these technologies come with. We feel that it’s time for our industry to have its own authorities to disclose vulnerabilities to the public. We are very excited about being the first automotive cybersecurity company registered as a CNA. We expect others to follow us and contribute to public security,” said Slava Bronfman, Cybellum CEO.
Cybellum automotive risk analysis solutions automatically detect a wide range of zero-day vulnerabilities in in-vehicle ECUs and other automotive software. OEMs and suppliers using Cybellum solutions can now cover the entire vulnerability life cycle. Using Cybellum, these vendors can automatically detect a vulnerability, mitigate and remediate it, and work with the company’s security research team to properly disclose it and assign it a CVE.
Source: Press Release