Mirantis announced the company's designation as a CVE Numbering Authority (CNA) by the CVE Program, which is sponsored by the U.S. Department of Homeland Security. As a CNA, the Mirantis Product Security Incident Response Team (PSIRT) is authorized to assign CVE identification numbers to security vulnerabilities in Mirantis products.
As
a newly designated CNA, Mirantis now can streamline the process of
publishing accurate and timely vulnerability information so its users
are well informed and able to quickly resolve security vulnerabilities.
"Security
has always been a priority and now as a CNA, we'll join the industry
initiative to have a consistent, standardized way of disclosing known
vulnerabilities, so there can be a structured, coordinated approach to
resolution for our users," said Adam Parco, CTO, Mirantis.
The
CVE Program is an international, community-based effort that relies on
the community to discover vulnerabilities. The vulnerabilities are
discovered then assigned and published to the CVE List.
Partners, like Mirantis, publish CVE Records to communicate consistent
descriptions of vulnerabilities. Information technology and
cybersecurity professionals use CVE Records to ensure they are
discussing the same issue, and to coordinate their efforts to prioritize
and address the vulnerabilities.
The
CVE Program is sponsored by the Cybersecurity and Infrastructure
Security Agency (CISA) of the U.S. Department of Homeland Security (DHS)
and is operated by the MITRE Corporation in close collaboration with
international industry, academic, and government stakeholders.