WhiteSource, the leader in open source security and license compliance management, has been approved by the MITRE Corporation to identify and publicly disclose CVEs as a CVE Numbering Authority.
The Common Vulnerabilities and Exposures glossary (CVE) is a security project focused on publicly released software, funded by the US Division of Homeland Security and maintained by the MITRE Corporation. The CVE glossary collects information about security vulnerabilities and exposures, cataloging them according to various identifiers and providing them with unique IDs for quick referencing.
Most CVE IDs that are given to new vulnerabilities are issued by MITRE, while other CVEs receive their ID from commercial numbering authorities (non-governmental) who will number vulnerabilities and exposures found in software projects. As of December 2018, pending a MITRE certification process, commercial entities have been authorized to act as CVE Numbering Authorities (CNA), including Linux, Google, Microsoft, Mozilla, Red Hat, and now WhiteSource.
“We're excited with this opportunity to take part in the security research and open source communities' efforts to address open source security,” said Shiri Arad Ivtsan, Director of Product Management at WhiteSource. “Becoming a CNA allows WhiteSource to join the many global forces taking on the challenge of application security to ensure that open source vulnerabilities are efficiently detected and remediated.” Arad Ivtsan added: “We are committed to creating advanced remediation tools that boost organizations' application security efforts.”
To learn more or submit a new CVE, visit https://www.whitesourcesoftware.com/vulnerability-database