As a CVE Numbering Authority, the Mirantis Product Security Incident Response Team (PSIRT) is empowered to assign CVE codes to vulnerabilities in Mirantis products, contributing to the CVE Program’s mission of enhancing security and transparency across the industry.
A global initiative
“Security has always been a priority,” says Adam Parco, CTO at Mirantis, “and now as a CNA, we’ll join the industry initiative to have a consistent, standardized way of disclosing known vulnerabilities, so there can be a structured, coordinated approach to resolution for our users.”
Sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the U.S. Department of Homeland Security, the CVE Program is a global initiative that relies on contributions from an international community of industry, academic, and government stakeholders. Started in 1999 by the MITRE Corporation’s David E. Mann and Steven M. Christey, the CVE Program is dedicated to common identification of vulnerabilities. Working together to publish vulnerabilities to the CVE List, CNAs create a single, consistent, authoritative source of timely cybersecurity information.
As recent vulnerabilities in Log4j emerged, for example, CVE records gave industry professionals, security experts, journalists, and others a common language and set of facts on the issues, which accelerated widespread mitigation efforts. And as the first Log4j vulnerabilities led to the discovery of new ones, distinct CVE records helped to distinguish the issues and clarify mitigation efforts. The CVE Program proved similarly essential for addressing high-profile issues like “Heartbleed” (CVE-2014-0160) as well as thousands of vulnerabilities that haven’t received the same degree of media attention. Today, there are over 150,000 records in the CVE List.
Clear and standardized updates
Streamlined processes for sharing cybersecurity information are beneficial for all stakeholders — from users of Mirantis products to partners to members of the wider community.
As part of the CVE Program, the Mirantis PSIRT has a clear and standardized protocol for publishing vulnerability information that keeps users informed and contributes to the rapid resolution of issues. Security professionals are able to consult any records posted to the CVE List and discuss them with a base of common understanding, making resolution easier to coordinate. This ensures that the wider community receives the benefit of the Mirantis PSIRT’s rapid response as soon as possible.