Edgewatch Named Common Vulnerabilities and Exposures Numbering Authority

Edgewatch, is proud to announce its designation as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA)

Valencia, Spain — April 30, 2024

Edgewatch, a premier provider of external security assessments and security solutions across Europe, is proud to announce its designation as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), effective immediately. This new status empowers Edgewatch to assign CVE Identifiers to vulnerabilities discovered in both their own and in third-party vendors’ products (if not covered by another CNA). CVEs assigned by Edgewatch will be incorporated into the global CVE List, which serves as a catalog of publicly known information security vulnerabilities and exposures, facilitating a uniform method of identifying Cybersecurity issues.

The CVE Program aims to enhance the interoperability of data across diverse vulnerability tools, repositories, and services by providing standardized identifiers for known vulnerabilities and exposures. This standardization allows stakeholders to efficiently and accurately obtain information about security issues from multiple CVE-compatible sources.

We are honored to join the ranks of CNAs and look forward to collaborating with the CVE Program and the CNA community. Our dedication to expanding our capabilities in vulnerability research and compliance automation supports our mission to actively combat global cyber threats

Lucía Mundina, CEO of Edgewatch

Lucía Mundina, CEO of Edgewatch, expressed enthusiasm about the new role, stating, ‘We are honored to join the ranks of CNAs and look forward to collaborating with the CVE Program and the CNA community. Our dedication to expanding our capabilities in vulnerability research and compliance automation supports our mission to actively combat global cyber threats.’ Mundina also took the opportunity to extend a heartfelt thanks to the Spanish National Cybersecurity Institute (INCIBE) and their dedicated team for their invaluable support throughout the CNA onboarding process. ‘We deeply appreciate INCIBE’s patience and expertise, which were essential in navigating the complexities of becoming a CNA and preparing us to fulfill our responsibilities effectively. Their collaborative spirit and commitment to advancing cybersecurity practices not only supported our journey but also reinforced our commitment to enhancing global cyber resilience.

Edgewatch’s involvement in the CVE Program underscores its deep commitment to advancing security practices and empowering the community through education on cybersecurity risks. The company views security as a collective responsibility that requires concerted effort and open collaboration to address effectively.

As a CNA, Edgewatch is now authorized to officially recognize and catalog vulnerabilities in software products, in line with the guidelines and standards set by the CVE Board. This role supports Edgewatch’s ongoing efforts to drive meaningful improvements in security practices and to enhance the overall security landscape.

About the CVE Program

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered, then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities. For more information visit: www.cve.org

About INCIBE

Spanish National Cybersecurity Institute (INCIBE), has been designated as a Root in the CVE Program for Spainish Organizations. As a Root, INCIBE is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the CVE Numbering Authorities (CNAs) under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope. For more information visit: www.incibe.es

About Edgewatch

Edgewatch’s security intelligence services offer visibility into emerging threats and provide actionable knowledge about threat actors, utilizing comprehensive internet data collection. The Edgewatch Attack Surface Management Platform helps companies identify, monitor, and analyze internet-accessible devices. This service ensures a thorough overview of an organization’s digital presence, identifies vulnerabilities, and delivers proactive security management insights. Key features include real-time threat intelligence, vulnerability management, and compliance with various international standards. For more information, please visit www.edgewatch.com