JFrog licensed as numbering authority for vulnerability exposure


SUNNYVALE, Calif. – (COMMERCIAL THREAD) – JFrog Ltd. (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today announced that it has been designated by the CVE program as a CVE Numbering Authority (CNA). With this certification, JFrog joins an elite group of public and private sector organizations authorized to assign CVE ID numbers to newly discovered security vulnerabilities and publish the related details in the associated CVE records for public consumption. This designation allows JFrog to work with the global security community to accelerate threat detection, while providing customers with the latest vulnerability information and differentiated remediation data through JFrog Xray.

“Becoming a CNA will allow us not only to help security researchers check and sort their vulnerabilities, but also to strengthen the security of enterprise binaries by collaborating on potential threats with the security community at large,” said Moran Ashkenazi, CISO and vice president of security engineering, JFrog. “The number of security risks in software and connected devices continues to grow. As CNAs, we are empowered to work with the community to accelerate threat detection and quickly share information about new vulnerabilities, before they can compromise businesses.”

Cybersecurity and IT professionals around the world use CVE records to identify, prioritize, and coordinate their efforts to remediate critical software vulnerabilities. CVE identifiers are assigned by CNAs like JFrog on a voluntary basis. With this certification, JFrog becomes one of the only DevSecOps leaders to join approximately 180 other CNA-authorized business entities such as Linux, Red Hat, Google, Microsoft and many more as trusted contributors to the security community.

“As CNAs, we can more effectively and efficiently disseminate the results of our unique research to our customers and the software community at large, both for newly discovered vulnerabilities and existing CVE records which may be inaccurate or incomplete,” said Asaf Karas, JFrog CTO of Security. “With this achievement, JFrog reinforces its commitment to be an active participant in the security community and to provide our customers with scalable and secure development solutions at the edge of DevSecOps.”

For more information on JFrog’s CNA certification, how it will help protect businesses and critical infrastructure across the country, and the security vulnerability disclosure process, read this blog or visit https://jfrog.com/trust/.

About JFrog

JFrog’s mission is to be the company that powers all software updates in the world, driven by a vision of “liquid software” to enable the seamless and secure flow of binary files from developers to the edge. The company’s end-to-end DevOps platform – the JFrog Platform – provides the tools and visibility required by modern organizations to solve today’s challenges through critical elements of the DevOps cycle. JFrog’s hybrid, universal, multi-cloud DevOps platform is available as self-managed and SaaS services on AWS, Microsoft Azure, and Google Cloud. JFrog is trusted by millions of users and thousands of customers, including the majority of Fortune 100 companies that depend on JFrog solutions to manage their critical software delivery pipelines. Learn more at jfrog.com.

About the CVE program

The mission of the Common Vulnerabilities and Exposures (CVE®) program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is a CVE record for each vulnerability in the catalog. Vulnerabilities are discovered, then assigned and published by organizations around the world that have partnered with the CVE program. Partners publish CVE records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE records to ensure they are discussing the same issue and to coordinate their efforts to prioritize and address vulnerabilities. The CVE List, which feeds the United States National Vulnerability Database (NVD), is compiled by the CVE Numbering Authorities (CNAs). The CVE program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security (DHS).

The CVE program relies on the community to discover vulnerabilities. Vulnerabilities are discovered, then assigned and published by organizations around the world that have partnered with the CVE program. The CVE Board of Directors, which leads the direction of the CVE program, is made up of representatives from industry, academia and governments from around the world. CVE working groups develop program policies (approved by the CVE Board) and are open to the community.

About CVE Numbering Authorities

CVE Numbering Authorities (CNAs) are organizations around the world that are authorized to assign CVE identifiers to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. These CVE identifiers are provided to researchers, vulnerability disclosers, and information technology vendors. Participation in this program is voluntary, and the benefits of participation include the ability to publicly disclose a vulnerability with an already assigned CVE ID, the ability to control disclosure of vulnerability information without prior publication, and notification of vulnerabilities in products within a CNA’s scope by researchers who ask them for a CVE identifier. To review the products covered by each CNA, visit the Request a CVE ID page.

The JFrog name, logo and all JFrog product names are registered trademarks or trademarks of JFrog Ltd.

Other company names and product / service names mentioned in this press release are registered trademarks or trademarks of each company.
