Nozomi Networks Authorised To Be A CVE Numbering Authority | #exploits | #vulnverabilities


Becomes first OT & IoT security specialist to
join the globally recognised program

 Nozomi Networks
Inc.
, the leader in OT and IoT security, today announced
it has been recognised by the CVE Program as an authorised
CVE Numbering Authority (CNA), assigning CVEs in the area of
OT & IoT vulnerabilities. The CVE Program is sponsored
by the U.S. Department of Homeland Security (DHS)
Cybersecurity and Infrastructure Security Agency (CISA) and
operated by MITRE. It is the de facto international standard
for identifying and naming cybersecurity vulnerabilities.
Nozomi Networks joins an elite group of 136 CNA
organisations spanning 24 countries and is the first OT
& IoT security specialist to join the
program.

“We are pleased to grant Nozomi Networks
CVE Numbering authority,” said Scott Lawler, CEO LP3 and
CVE Board Member. “In addition to a deep commitment to
ensuring the security of their own products, a team of
researchers in Nozomi Networks Labs also works to identify
vulnerabilities in other industrial equipment and software.
Nozomi Networks leads their industry in the number of
responsible disclosures made to the United States ICS-CERT.
They’ve consistently demonstrated a high level of
professionalism and expertise in helping impacted customers
and vendors quickly address identified vulnerabilities.
Their specialised expertise in OT and IoT cybersecurity and
the processes they have established to ensure the
cybersecurity of their own products make them a valued
member of the CNA team.”

As a CNA, Nozomi Networks
can now assign CVE numbers to newly identified
vulnerabilities and publicly disclose information about
these vulnerabilities. This includes assigning CVE numbers
to vulnerabilities found in the company’s own products as
well as third-party automation and industrial products not
covered by another CNA.

Since 2013, Nozomi Networks
researchers have made more than a dozen responsible
disclosures, which to date have resulted in 13 CISA ICS-CERT
Advisories. The company uses the MITRE ATT&CK Framework
for ICS terminology in its detection and alerting
capabilities, providing immediate context for any detected
activity and reducing the need for additional research to
understand the significance of the behaviour. Nozomi
Networks products are ISO 9001: 2015 certified. Additionally
Nozomi Networks’ Product Security Incident Response Team
(PSIRT) supports solidly defined procedures for managing
product vulnerabilities.

“We are honoured to receive
CNA status,” said Nozomi Networks Co-founder and CTO
Moreno Carullo. “Our passion for helping our customers and
the industry as a whole fuels Nozomi Networks’ history of
innovation and success. This is a significant milestone that
allows us to do even more in our efforts to strengthen the
security of the operational infrastructure that people rely
upon around the world.”

For more information read
the Nozomi Networks blog post: CISA-sponsored
CVE Program Grants Nozomi Networks CNA
Status
.

###

About Nozomi
Networks

Nozomi Networks is the leader in OT and
IoT security and visibility. We accelerate digital
transformation by unifying cybersecurity visibility for the
largest critical infrastructure, energy, manufacturing,
mining, transportation, building automation and other OT
sites around the world. Our innovation and research make it
possible to tackle escalating cyber risks through
exceptional network visibility, threat detection and
operational insight. www.nozominetworks.com

About
the CVE Program

Common Vulnerabilities and Exposures
(CVE®) is an international, community-based effort that
maintains a community-driven, open data registry of
vulnerabilities. The CVE IDs assigned through the registry
enable program stakeholders to rapidly discover and
correlate vulnerability information used to protect systems
against attacks. The CVE Program currently has 136 CNA’s
in 24 countries, globally across technologies and
services.

 

© Scoop Media

 



Click here for the original Source.

_________________________________________________________________________________________

Get your CompTIA A+, Network+ White Hat-Hacker, Certified Web Intelligence Analyst and more starting at $35 a month. Click here for more details.

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Leave a Reply