JFrog becomes latest organization authorized as numbering authority for vulnerabilities exposure
Software company JFrog has become the latest organization to be designated by the CVE Program as a CVE Numbering Authority.
Currently, there are 189 organizations from 31 countries participating as CNAs, with more than 100 based in the US.
The classification will allow the company to assign CVE identification numbers to newly discovered security vulnerabilities and publish related details in associated CVE Records for public consumption.
JFrog will now be authorized to work with the cybersecurity community on a variety of security issues and provide customers with differentiated remediation data through its JFrog Xray
Moran Ashkenazi, CISO and VP of Security Engineering at JFrog, said becoming a CNA will not only allow them to help security researchers verify and triage their vulnerabilities but also help keep companies’ binaries more secure by collaborating on potential threats with the wider security community.
“The number of security risks in software and connected devices continues to grow. As a CNA we’re empowered to work with the community to accelerate threat detection and share information on new vulnerabilities fast — before they compromise businesses,” Ashkenazi said.
CVE records are used around the world to identify and organize the critical software vulnerabilities that are discovered on a daily basis. Each vulnerability is assigned a CVE IDs by companies like JFrog.
JFrog Security CTO Asaf Karas said that with the CNA designation, the company can more effectively and efficiently disseminate the results of their research to customers and the software community in general — for both newly discovered vulnerabilities and existing CVE records that may be inaccurate or incomplete.
“With this achievement, JFrog reinforces its commitment to being an active participant in the security community and providing our customers with scalable, secure, development to edge DevSecOps solutions,” Karas said.