Ribose has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA), allowing it to publish authoritative cybersecurity vulnerability information of its products and services into the CVE List that feeds into the U.S. National Vulnerability Database (NVD).
CVE is an international, community-based effort that relies on discovery of vulnerabilities by the community and the subsequent assignment and publication of those vulnerabilities by CNAs in the publicly accessible CVE List. CNAs are responsible for publishing authoritative vulnerability information to allow information technology and cybersecurity professionals to prioritize and address vulnerabilities.
Ribose’s CNA is registered under the MITRE CNA root organization, with a scope of responsibility covering assignment of CVE numbers and publication of vulnerability information for all its proprietary as well as open-source products and services. The Ribose CNA website is now accessible at https://open.ribose.com.
“Ribose has long demonstrated its commitment to cybersecurity through our responsible disclosure program. Under the governance of the CVE Board, the Ribose CNA is now able to assign CVE identifiers for vulnerabilities discovered on our products and services, allowing us to communicate important cybersecurity information with our users as early as possible in a responsible and consistent manner,” said Ronald Tse, founder of Ribose. “With users increasingly relying on our products and services for mission critical usage, we are excited to strengthen our cybersecurity commitment by joining the CVE Program as a CVE Numbering Authority.”
