The CVE® Program has announced a significant expansion of its collaboration with Thales Group to strengthen the management and assignment of CVE Identifiers (CVE IDs) and the publication of CVE Records.
As part of this development, Thales Group has been officially designated as a “Root” for products and technologies of its subsidiaries.
Thales Group’s New Role in the CVE Ecosystem
By becoming a Root, Thales Group assumes critical responsibilities within the CVE Program. These include overseeing the efficient assignment of CVE IDs, ensuring compliance with CVE Program rules and guidelines, and managing the CVE Numbering Authorities (CNAs) under its scope.
Additionally, Thales will play an active role in recruiting and onboarding new CNAs and resolving disputes related to CVE assignments within its area of responsibility.
CNAs are key players in the CVE ecosystem. Each CNA is tasked with assigning CVE IDs to vulnerabilities, creating detailed CVE Records, and publishing associated vulnerability information.
Each CNA operates within a defined scope of responsibility. As of now, the CVE Program comprises 435 active CNAs (including 433 CNAs and 2 CNA-LRs) from 40 countries, as well as one CNA with no country affiliation.
Positioning Thales Group Among Other Roots
Thales Group now joins an esteemed group of Root organizations under the MITRE Top-Level Root. These include Google, JPCERT/CC, Red Hat, and the Spanish National Cybersecurity Institute (INCIBE). The CVE Program also includes CISA ICS, which operates as a Root under the CISA Top-Level Root.
The CVE Program’s multi-tiered structure is designed for scalability and efficiency in the critical work of identifying and managing vulnerabilities across the software and hardware ecosystem. Thales Group’s new role as a Root is a testament to its expertise and commitment to cybersecurity.
The CVE Program is a globally recognized initiative that identifies, defines, and catalogs publicly disclosed cybersecurity vulnerabilities.
Managed by a decentralized network of CNAs and Roots, the program ensures that vulnerabilities are assigned a universally recognized identifier (CVE ID) and are documented in a standardized manner.
For more details on the CVE Program’s organizational structure and its significant role in cybersecurity, visit the official CVE Program website.
This expansion of Thales Group’s responsibilities underscores the CVE Program’s dedication to enhancing global cybersecurity collaboration and ensuring robust vulnerability management.
ANY.RUN Threat Intelligence Lookup - Extract Millions of IOC's for Interactive Malware Analysis: Try for Free