Cybellum’s Product Security platform secures MITRE CWE-compatible designation

Cybellum announced that its Product Security Platform has been formally designated as ‘CWE-Compatible’ by MITRE’s Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. The MITRE CWE designation means that Chief Product Security Officers (CPSOs) and their teams can manage the vulnerabilities and associated risks identified in their connected devices within a globally trusted framework.

CWE is a community-developed list of software and hardware weakness types. It serves as a common language, a benchmark for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts, Annette Habani, marketing manager at Cybellum, detailed in a company blog post.

CWE-Compatible products and services must meet four requirements. First, they must be CWE-searchable, meaning users can search security elements using CWE identifiers. Second, they must present CWE output, in which security elements presented to users include, or allow users to obtain, the associated CWE identifiers. Third, they must have mapping accuracy, meaning security elements accurately link to the appropriate CWE identifiers. Fourth, there must be documentation describing CWE, CWE compatibility, and how CWE-related functionality in the capability is used.

“Securing official recognition as CWE-Compatible is a great achievement for Cybellum that not only affirms our commitment to excellence but places Cybellum at the forefront of product security innovation,” Michael Engstler, co-founder and CTO of Cybellum, said in the blog post. “Cybellum’s Product Security Platform aligns security and compliance teams, developers, and executives around one source of security truth that they can all rely on for ongoing vulnerability monitoring and compliance with the ever-changing landscape of emerging regulations.”

CWE has emerged as the de facto reference resource that guides security-conscious developers, especially those involved in developing embedded systems for safety-critical products. Cybellum’s Product Security Platform uncovers and manages vulnerabilities in Java files and supported OS components and in executables from any of the supported CPU architectures including Intel x86/x64, ARM, PowerPC, MIPS, and more. 

The threats can also be detected in UNIX/Linux ELF and Microsoft Windows PE executable files. It also can uncover vulnerabilities in executables from any of the supported microcontroller architectures including ARM, Renesas RH850/V850, Infineon TriCore, and others.

“At Cybellum, we understand the profound impact that vulnerabilities can have on embedded systems, particularly those that underpin critical sectors,” said Roman Kesler, vice president of research at Cybellum. “Achieving CWE compatibility is not just a validation of our product’s robustness, it also signifies our alignment with the industry’s best practices and our dedication to equipping product security practitioners with the tools they need to fortify their systems against potential threats.”

MITRE CWE is continually updated and maintained by a community of security experts, developers, researchers, and organizations from both the public and private sectors. The collaborative nature of CWE ensures that it remains a dynamic and evolving resource that reflects the latest insights into product security.

Cybellum supports companies that rely on the MITRE CWE program by focusing on multi-team collaborative product security – from asset management and software assurance to incident response and cyber-compliance. It also aggregates and manages product assets based on data coming from multiple sources, from SBOMs to CWE and other vulnerability databases, and syncs MITRE’s database with Cybellum’s VM CoPilot to triage vulnerabilities automatically, saving the time and resources needed for vulnerability prioritization. 

Additionally, it provides a customizable Policy Engine that automates requirement validation and allows teams to produce reports for over 50 cybersecurity regulations, accelerating compliance with regulations and their own policies. It also refines intelligence monitoring, automated relevance assessments, and impact-focused investigation workflows for rapid remediation of post-market incidents.

Last month, Cybellum announced a partnership with itemis to provide comprehensive cybersecurity solutions for the automotive industry. Drawing on their respective expertise, they have established an alliance that will allow OEMs (original equipment manufacturers) and Tier-N suppliers to better secure their connected products.
