When it comes to cybersecurity vulnerabilities, having timely and accurate information is key, and joining together with others to share issues helps get them addressed faster.
Solidigm recently completed the authorization process to be a part of the Common Vulnerabilities and Exposures (CVE®) Program, an international, community-based organization for companies to publicly disclose and catalog issues they’ve discovered in their products that are potential cybersecurity vulnerabilities.
Solidigm has been authorized as a “CNA” or “CVE Numbering Authority.” This designation allows Solidigm to publish known issues in a trusted industry-standard database used by IT and cybersecurity professionals to make them aware of potential security issues that can affect their products and customers.
Vanessa Acuna, Technical Marketing Program Manager, who managed Solidigm’s application, explains. “CNAs are responsible for assigning CVE IDs to vulnerabilities and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.”
“This is an industry best practice,” says Gamil Cain, Solidigm’s Lead Security Architect. “It is the de-facto process to follow if you're going to publicly communicate about security vulnerabilities in your product.”
Gamil says being part of the CVE Program not only allows Solidigm to work with other organizations to report and fix vulnerability issues, but it demonstrates to partners and customers that Solidigm takes security seriously.
Acuna agrees, saying, “We look forward using our new position as a CNA to enable more flexible and agile ways to communicate vulnerabilities to customers.”
For more on how Solidigm addresses SSD vulnerabilities, visit our Security page.
More information about the CVE program can be found here: https://cve.mitre.org/