JFrog Authorized as a Numbering Authority for Vulnerabilities Exposure
CNA Certification Enables JFrog’s Research Team to Identify and Mitigate Vulnerabilities that Threaten Customer Systems and National Infrastructure
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20211004005550/en/
CNA Certification Enables JFrog’s Research Team to Identify and Mitigate Vulnerabilities that Threaten Customer Systems and National Infrastructure. (Graphic: Business Wire)
"Becoming a CNA will not only allow us to help security researchers verify and triage their vulnerabilities but also help keep companies’ binaries more secure by collaborating on potential threats with the wider security community,” said
Cybersecurity and IT professionals worldwide use CVE records to identify, prioritize, and coordinate their efforts for addressing critical software vulnerabilities. CVE IDs are assigned by CNAs like JFrog on a voluntary basis. With this certification, JFrog becomes one of the only DevSecOps leaders to join approximately 180 other CNA authorized commercial entities such as Linux, Red Hat, Google, Microsoft, and more as trusted security community contributors.
“As a CNA, we can more effectively and efficiently disseminate the results of our unique research to our customers and the software community in general—for both newly discovered vulnerabilities and existing CVE records that may be inaccurate or incomplete,” said
For more information on JFrog’s CNA certification, how it will help protect businesses and the nation’s critical infrastructure, plus the process of security vulnerability disclosures read this blog or visit https://jfrog.com/trust/.
JFrog is on a mission to be the company powering all of the world’s software updates, driven by a “Liquid Software” vision to allow the seamless, secure flow of binaries from developers to the edge. The company’s end-to-end DevOps platform – the JFrog Platform - provides the tools and visibility required by modern organizations to solve today’s challenges across critical pieces of the DevOps cycle. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as both self-managed and SaaS services on AWS, Microsoft Azure, and Google Cloud. JFrog is trusted by millions of users and thousands of customers, including a majority of the Fortune 100 companies that depend on JFrog solutions to manage their mission-critical software delivery pipelines. Learn more at jfrog.com.
About the CVE Program
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is
The CVE Program relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world. CVE Working Groups develop the program’s policies (approved by the CVE Board) and are open to the community.
About CVE Numbering Authorities
CVE Numbering Authorities (CNAs) are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. These CVE IDs are provided to researchers, vulnerability disclosures, and information technology vendors. Participation in this program is voluntary, and the benefits of participation include the ability to publicly disclose a vulnerability with an already assigned CVE ID, the ability to control the disclosure of vulnerability information without pre-publishing, and notification of vulnerabilities in products within a CNA's scope by researchers who request a CVE ID from them. To review the products covered by each CNA, visit the Request a CVE ID page.
The JFrog name, logo mark and all JFrog product names are registered trademarks or trademarks of
Other company names and product / service names mentioned in this press release are registered trademarks or trademarks of each company.