ESET joins ranks as a CVE Numbering Authority (CNA)

Bratislava, 24 June 2021 – Working in concert with the Common Vulnerabilities and Exposures (CVE®) Program, ESET, the leading Europe-based endpoint protection platform vendor, is authorized by the CVE Program as a CVE Numbering Authority (CNA).

Organizations designated as CNAs are responsible for the assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record.

The status means that ESET will be able to publish CVE Records, including the CVE ID, descriptor, and references concerning vulnerabilities discovered in its own products and those discovered by ESET researchers in third-party products not covered by other CNAs. As a CNA, ESET can better fulfill its leadership role in innovating security technologies and product R&D and promoting high security standards in the broader IT ecosystem.

“Engaging in the international, community-driven Common Vulnerabilities and Exposures (CVE®) Program brings us closer to our goal of supporting ongoing collaboration with the wider cybersecurity sector, as well as with academic, business, and government stakeholders. Simultaneously, it allows our internal security and R&D teams to more efficiently and consistently address security weaknesses wherever they may be, and to remain proactive in fighting vulnerabilities and threats,” says Daniel Chromek, chief information security officer at ESET.

ESET is a strong believer in, as well as a practitioner of, the coordinated vulnerability disclosure process and publicly credits security vulnerability reporters for their efforts (if they do not wish to remain anonymous). If you have interest in hunting for vulnerabilities, or other security issues, in ESET products or websites, read more about our partnership with HackTrophy, or find out more here.

About ESET
For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure, and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centers worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.

About the CVE Program  
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.