WhiteSource Authorized as a CVE Numbering Authority

March 1, 2021

 WhiteSource, the leader in open source security and license compliance management, has been approved by the MITRE Corporation to identify and publicly disclose CVEs as a CVE Numbering Authority.

The Common Vulnerabilities and Exposures glossary (CVE) is a security project focused on publicly released software, funded by the US Division of Homeland Security and maintained by the MITRE Corporation. The CVE glossary collects information about security vulnerabilities and exposures, cataloging them according to various identifiers and providing them with unique IDs for quick referencing.

Most CVE IDs that are given to new vulnerabilities are issued by MITRE, while other CVEs receive their ID from commercial numbering authorities (non-governmental) who will number vulnerabilities and exposures found in software projects. As of December 2018, pending a MITRE certification process, commercial entities have been authorized to act as CVE Numbering Authorities (CNA), including Linux, Google, Microsoft, Mozilla, Red Hat, and now WhiteSource.

"We're excited with this opportunity to take part in the security research and open source communities' efforts to address open source security," said Shiri Arad Ivtsan, Director of Product Management at WhiteSource. "Becoming a CNA allows WhiteSource to join the many global forces taking on the challenge of application security to ensure that open source vulnerabilities are efficiently detected and remediated." Arad Ivtsan added: "We are committed to creating advanced remediation tools that boost organizations' application security efforts."

To learn more or submit a new CVE, visit https://www.whitesourcesoftware.com/vulnerability-database

Previous Article
WhiteSource for Hackers
WhiteSource for Hackers

Next Article
WhiteSource & Ponemon Report Reveals Over 70% of Enterprise's Application Portfolios Have Become More Vulnerable Over the Past Year
WhiteSource & Ponemon Report Reveals Over 70% of Enterprise's Application Portfolios Have Become More Vulnerable Over the Past Year