NLnet Labs becomes a CVE Numbering Authority (CNA)

We are delighted to announce that NLnets Labs joins over 140 other leading technology organisations authorised to be a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

Common Vulnerabilities and Exposures (CVE) is an international, cybersecurity, community effort that maintains a list of standarised common identifiers for publicly disclosed cybersecurity vulnerabilities and exposures. CVE Numbering Authorities (CNAs) are organisations from around the world that are authorised to assign CVE numbers to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities.

We are joining this community effort to help address the CVE Program's primary challenge to satisfy the demand for timely, accurate CVE number assignments and the evolving state of vulnerability management. By being a CNA we will be able to:

Streamline vulnerability disclosure processes;
Assign CVE numbers without having to share embargoed information with another CNA;
Control the CVE publication release process for vulnerabilities in our scope (NLnet Labs products).

You can read about our disclosure policy and how to contact us securely at our security report page. Security advisories for all the products can be found here or at each product's own page.