
Mirantis is Now a CVE Numbering Authority


We’re pleased to announce that as of January 2022, the Common Vulnerabilities and Exposures (CVE) Program has designated Mirantis a CVE Numbering Authority (CNA). The CVE Program, sponsored by the U.S. Department of Homeland Security, identifies and catalogs vulnerabilities, fostering a more widespread and standardized understanding of the cybersecurity environment.

As a CVE Numbering Authority, the Mirantis Product Security Incident Response Team (PSIRT) is empowered to assign CVE IDs to vulnerabilities in Mirantis products, contributing to the CVE Program’s mission of enhancing security and transparency across the industry.

A global initiative

“Security has always been a priority,” says Adam Parco, CTO at Mirantis, “and now as a CNA, we’ll join the industry initiative to have a consistent, standardized way of disclosing known vulnerabilities, so there can be a structured, coordinated approach to resolution for our users.”

Sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the U.S. Department of Homeland Security, the CVE Program is a global initiative that relies on contributions from an international community of industry, academic, and government stakeholders. Started in 1999 by the MITRE Corporation’s David E. Mann and Steven M. Christey, the CVE Program is dedicated to common identification of vulnerabilities. Working together to publish vulnerabilities to the CVE List, CNAs create a single, consistent, authoritative source of timely cybersecurity information.

As recent vulnerabilities in Log4j emerged, for example, CVE records gave industry professionals, security experts, journalists, and others a common language and set of facts on the issues, which accelerated widespread mitigation efforts. And as the first Log4j vulnerabilities led to the discovery of new ones, distinct CVE records helped to distinguish the issues and clarify mitigation efforts. The CVE Program proved similarly essential for addressing high-profile issues like “Heartbleed” (CVE-2014-0160) as well as thousands of vulnerabilities that haven’t received the same degree of media attention. Today, there are over 150,000 records in the CVE List.

Clear and standardized updates

Streamlined processes for sharing cybersecurity information are beneficial for all stakeholders — from users of Mirantis products to partners to members of the wider community.

As part of the CVE Program, the Mirantis PSIRT has a clear and standardized protocol for publishing vulnerability information that keeps users informed and contributes to the rapid resolution of issues. Security professionals are able to consult any records posted to the CVE List and discuss them with a base of common understanding, making resolution easier to coordinate. This ensures that the wider community receives the benefit of the Mirantis PSIRT’s rapid response as soon as possible.

For more information on the Mirantis PSIRT, you can read about the team’s mission and procedures here. To access the publicly available CVE List and search for records, see the CVE site.
