Posted inSecurity

Sophos recognised as an authority for identifying cybersecurity vulnerabilities

With this status, Sophos is authorised to assign CVE identification to unique vulnerabilities within the scope of its products

by ITP Staff
Sophos recognised as an authority for identifying cybersecurity vulnerabilities
Sophos recognised as an authority for identifying cybersecurity vulnerabilities
by ITP Staff

Sophos has announced that it has been named a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) in the CVE programme.

The CVE programme is an international standard for identifying and naming cybersecurity vulnerabilities. With this status, Sophos is authorised to assign CVE identification to unique vulnerabilities within the scope of its products.

Security researchers can now work directly with Sophos to open CVEs for the company’s products, making the process of reporting issues and assigning CVEs more straightforward.

SEE ALSO: Sophos says Myanmar firms attacked with ‘KilllSomeOne’ malware

“Sophos’ new status as a CNA is another example of our commitment to be transparent, and by having the ability to assign CVEs, we can provide the industry with pertinent information about our products faster. This allows organisations to more quickly assess security issues, determine the scale of urgency and prioritise updates,” said Ross McKerchar, vice president and chief information security officer at Sophos. “Sophos’ CVEs will also get entered into the multiple CVE-compatible databases within the industry. By working collectively on these databases with other vendors and industry standards watchguards, we can together improve defenses against persistent attackers.”

A community-based effort, the CVE programme maintains a community-driven, open data registry of vulnerabilities. The programme catalogs CVEs in a publicly available registry that is available to security researchers, vulnerability disclosers and information technology vendors. Using a common identifier makes it easier to share and cross-check data across the industry’s several and separate security databases and tools that track vulnerabilities.

YOU MIGHT ALSO BE INTERESTED INSophos turns to AI to improve defences against cyber-attacks

“The Common Vulnerabilities and Exposures Team welcomes Sophos as our newest CVE Numbering Authority. Sophos has a strong reputation of contributing to the global digital security community, producing antivirus, encryption and cybersecurity capabilities for over 30 years. Their experience brings real value to the CVE programme. We are very pleased to have Sophos as a contributing member of the CVE Team,” said Kent Landfield, CVE board member.