Identity security company Delinea has been authorised for a key vulnerabilities and exposures (CVE) programme.
According to the specialist vendor, as a CVE numbering authority (CNA), it can identify, catalogue and define publicly disclosed vulnerabilities in its software.
“As a CNA, Delinea is authorised to review and assign CVE IDs to newly discovered zero-day vulnerabilities,” it said.
Delinea joins a list of CVE programme partners that includes some 420 organisations from 40 countries.
Consequently, CNAs are responsible for regularly assigning CVE identifiers to vulnerabilities. It can also create and publish information about the vulnerability in associated CVE records.
“Delinea can directly establish new CVEs, streamline the reporting process, and continue to foster collaboration with the industry.”
Phil Calvin, chief product officer at Delinea. added: “Safeguarding identities and governing their interactions is more critical than ever.”
Its identity security platform and privileged access management (PAM) aims at helping govern interactions. This includes applying “context and intelligence throughout the identity lifecycle”, Calvin said.
A US sponsored international programme
Delinea said the CVE programme is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security.
The programme is operated by the MITRE Corporation collaborating with various other industry, academic, and government stakeholders.
“Use of CVE records enables information technology and cybersecurity professionals to ensure they are discussing the same issue,” the vendor said.
As a result, the programme helps coordinate efforts to prioritise and address vulnerabilities, potentially saving time and money for end-users down the track.
