F-Secure authorized to be a CVE Numbering Authority (CNA)

Report this content

CVE Program’s accreditation allows F-Secure to assign CVE identifiers in accordance with the cyber security industry’s best practices.

Helsinki, Finland – August 10, 2020: Cyber security provider F-Secure is authorized by the CVE Program to assign Common Vulnerability and Exposures (CVE) identifiers as a CVE Numbering Authority (CNA). CNAs are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope.

CVEs are publicly disclosed security flaws. Without careful coordination in how these flaws are disclosed, security researchers and software vendors risk providing sensitive information about vulnerabilities to attackers before users have an opportunity to mitigate the risks posed by affected software, essentially increasing people and organizations’ exposure to cyber attacks.

As a CNA for vulnerability researchers, F-Secure is able to assign CVE identifiers to products and projects upon which it performs vulnerability analysis. According to Zak Maples, F-Secure Consulting’s Associate Director for the US, the accreditation will help F-Secure’s researchers and consultants quickly and clearly communicate information about vulnerabilities.

“Security research is a vital part of our work. And as a CNA, we can now take greater ownership of the process, information, and communications that software vendors and users rely on to learn about software vulnerabilities,” explained Maples. “Vendors, our clients, and the public can feel confident that any vulnerabilities we discover are disclosed clearly and timely, and in accordance with CVE Program standards.”

“The Common Vulnerabilities and Exposures (CVE) Team welcomes F-Secure as our newest CVE Numbering Authority (CNA). F-Secure has a strong reputation of contributing to the global cyber security community through F-Secure Labs and frequently publishing valuable cyber information. This experience brings high value to the CVE Team — we welcome this globally trusted partner!” said Scott Lawler, CEO LP3 and CVE Board Member.

More information on CNAs is available here.


About F-Secure

Nobody has better visibility into real-life cyber-attacks than F-Secure. We’re closing the gap between detection and response, utilizing the unmatched threat intelligence of hundreds of our industry’s best technical consultants, millions of devices running our award-winning software, and ceaseless innovations in artificial intelligence. Top banks, airlines, and enterprises trust our commitment to beating the world’s most potent threats. Together with our network of the top channel partners and over 200 service providers, we’re on a mission to make sure everyone has the enterprise-grade cyber security we all need.

Founded in 1988, F-Secure is listed on the NASDAQ OMX Helsinki Ltd.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure​ 


About the CVE Program

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), of the U.S. Department of Homeland Security (DHS) and is operated by the MITRE Corporation in close collaboration with international industry, academic, and government stakeholders.


F-Secure media relations

Adam Pilkey