15 September 2017

MITRE Grants Kaspersky Lab CVE Numbering Authority (CNA) Status

The MITRE Corporation has recognized Kaspersky Lab as an authority in the area of vulnerabilities, granting the company the CVE Numbering Authority (CNA) status.

As of August 2017, there were 73 CNAs globally, two of them in Russia. According to the established classification, Kaspersky Lab became a CNA as a Vulnerability Researcher. It is the sixth company in the world with this status.

A group of researchers at Kaspersky Lab ICS CERT regularly carry out work related to identifying vulnerabilities in industrial automation software solutions and coordinating joint efforts with industrial vendors to close the vulnerabilities identified. Kaspersky Lab ICS CERT researchers’ efforts to find vulnerabilities was noted by US ICS-CERT in its annual report for 2016.

Within the framework of the CNA program, Kaspersky Lab can assign CVE numbers to newly identified vulnerabilities and publicly disclose information on these vulnerabilities. The scope of this authority includes the company’s own products and third-party software not covered by another CNA.

Kaspersky Lab was granted the CNA status in recognition of the expertise of its research team and the process established by the company to improve the cybersecurity of its own products.