Nozomi Networks Inc. today announced it has been recognized by the CVE Program as an authorized CVE Numbering Authority (CNA), assigning CVEs in the area of OT & IoT vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE. It is the de facto international standard for identifying and naming cybersecurity vulnerabilities. Nozomi Networks joins an elite group of 136 CNA organizations spanning 24 countries and is the first OT & IoT security specialist to join the program.
“We are pleased to grant Nozomi Networks CVE Numbering authority,” said Scott Lawler, CEO LP3 and CVE Board Member said in a press release. “In addition to a deep commitment to ensuring the security of their own products, a team of researchers in Nozomi Networks Labs also works to identify vulnerabilities in other industrial equipment and software. Nozomi Networks leads their industry in the number of responsible disclosures made to the United States ICS-CERT. They’ve consistently demonstrated a high level of professionalism and expertise in helping impacted customers and vendors quickly address identified vulnerabilities. Their specialized expertise in OT and IoT cybersecurity and the processes they have established to ensure the cybersecurity of their own products make them a valued member of the CNA team.”
As a CNA, Nozomi Networks can now assign CVE numbers to newly identified vulnerabilities and publicly disclose information about these vulnerabilities. This includes assigning CVE numbers to vulnerabilities found in the company’s own products as well as third-party automation and industrial products not covered by another CNA.