CERT-In authorized as CVE Numbering Authority (CNA)

  • 08 Nov 2021

To nurture responsible vulnerability research in the country, CERT-In has partnered with the Common Vulnerabilities and Exposures (CVE) Program.

  • In this regard, Indian Computer Emergency Response Team (CERT-In) has been authorized by the CVE Program, as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.

About CVE Program

  • The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. It is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities.

About CNAs

  • CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record.
  • The CVE List is built by CVE Numbering Authorities (CNAs).
  • Every CVE Record added to the list is assigned by a CNA. The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.