JFrog becomes latest organization authorized as numbering authority for vulnerabilities exposure

Tool corporate JFrog has change into the newest group to be designated by way of the CVE Program as a CVE Numbering Authority.

Lately, there are 189 organizations from 31 international locations taking part as CNAs, with greater than 100 primarily based in the United States. 

The classification will permit the corporate to assign CVE identity numbers to newly found out safety vulnerabilities and submit comparable main points in related CVE Data for public intake. 

JFrog will now be approved to paintings with the cybersecurity group on a number of safety problems and supply shoppers with  differentiated remediation knowledge thru its JFrog Xray

Moran Ashkenazi, CISO and VP of Safety Engineering at JFrog, mentioned changing into a CNA is not going to handiest let them assist safety researchers test and triage their vulnerabilities but in addition assist stay firms’ binaries extra safe by way of participating on doable threats with the broader safety group.

“The selection of safety dangers in device and attached gadgets continues to develop. As a CNA we are empowered to paintings with the group to boost up risk detection and proportion data on new vulnerabilities speedy — prior to they compromise companies,” Ashkenazi mentioned. 

CVE information are used around the globe to spot and prepare the essential device vulnerabilities which might be found out every day. Each and every vulnerability is assigned a CVE IDs by way of firms like JFrog. 

JFrog Safety CTO Asaf Karas mentioned that with the CNA designation, the corporate can extra successfully and successfully disseminate the result of their analysis to shoppers and the device group typically — for each newly found out vulnerabilities and current CVE information that can be erroneous or incomplete.

“With this success, JFrog reinforces its dedication to being an lively player within the safety group and offering our shoppers with scalable, safe, construction to edge DevSecOps answers,” Karas mentioned. 

Leave a Reply

Your email address will not be published. Required fields are marked *