After completing several stages to strengthen security procedures, Zabbix proudly announces that it has joined the CVE Program to assign CVE IDs to vulnerabilities affecting Zabbix products and projects.
The CVE program is the de facto international standard for identifying and naming cyber security vulnerabilities. The Common Vulnerabilities and Exposures (CVE®) Program’s primary purpose is to uniquely identify vulnerabilities and to associate specific versions of code bases (e.g., software and shared libraries) to those vulnerabilities – as stated on CVE Program website.
CVE Numbering Authorities (CNAs) are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. These CVE IDs are provided to researchers, vulnerability disclosers, and information technology vendors.
Zabbix as an information technology vendor providing network infrastructure monitoring software has become a CNA for information-security vulnerabilities for Zabbix only.
Read the complete article on: https://blog.zabbix.com/zabbix-authorized-to-be-a-cve-numbering-authority-cna/11491/