Mirantis is Now a CVE Numbering Authority

Eric Gregory - February 10, 2022
We’re pleased to announce that as of January 2022, the Common Vulnerabilities and Exposures (CVE) Program has designated Mirantis a CVE Numbering Authority (CNA). The CVE Program, sponsored by the U.S. Department of Homeland Security, identifies and catalogs vulnerabilities, fostering a more widespread and standardized understanding of the cybersecurity environment.

As a CVE Numbering Authority, the Mirantis Product Security Incident Response Team (PSIRT) is empowered to assign CVE IDs to vulnerabilities in Mirantis products, contributing to the CVE Program’s mission of enhancing security and transparency across the industry.

A global initiative

“Security has always been a priority,” says Adam Parco, CTO at Mirantis, “and now as a CNA, we’ll join the industry initiative to have a consistent, standardized way of disclosing known vulnerabilities, so there can be a structured, coordinated approach to resolution for our users.”

Sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the U.S. Department of Homeland Security, the CVE Program is a global initiative that relies on contributions from an international community of industry, academic, and government stakeholders. Started in 1999 by the MITRE Corporation’s David E. Mann and Steven M. Christey, the CVE Program is dedicated to common identification of vulnerabilities. Working together to publish vulnerabilities to the CVE List, CNAs create a single, consistent, authoritative source of timely cybersecurity information.

As recent vulnerabilities in Log4j emerged, for example, CVE records gave industry professionals, security experts, journalists, and others a common language and set of facts on the issues, which accelerated widespread mitigation efforts. And as the first Log4j vulnerabilities led to the discovery of new ones, distinct CVE records helped to distinguish the issues and clarify mitigation efforts. The CVE Program proved similarly essential for addressing high-profile issues like “Heartbleed” (CVE-2014-0160) as well as thousands of vulnerabilities that haven’t received the same degree of media attention. Today, there are over 150,000 records in the CVE List.

Clear and standardized updates

Streamlined processes for sharing cybersecurity information are beneficial for all stakeholders — from users of Mirantis products to partners to members of the wider community.

As part of the CVE Program, the Mirantis PSIRT has a clear and standardized protocol for publishing vulnerability information that keeps users informed and contributes to the rapid resolution of issues. Security professionals are able to consult any records posted to the CVE List and discuss them with a base of common understanding, making resolution easier to coordinate. This ensures that the wider community receives the benefit of the Mirantis PSIRT’s rapid response as soon as possible.

For more information on the Mirantis PSIRT, you can read about the team’s mission and procedures here. To access the publicly available CVE List and search for records, see the CVE site.
