HomeCybersecurityNEWS&INDUSTRY

Nozomi Networks Becomes CVE Numbering Authority

Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities an

Black Hat Wrap-Up: IoT and Hardware Vulnerabilities Take the Spotlight
Netgear Starts Patching Serious Vulnerabilities Affecting Tens of Products
Researchers Hijack 28,000 Printers to Show How Easily They Can Be Hacked

Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

As a CNA, the company will be able to assign CVE identifiers to vulnerabilities found in its own products or in third-party IoT and industrial products that are not covered by another organization.

There are currently over 130 CVE Numbering Authorities across 24 countries, but Nozomi says it’s the first OT and IoT cybersecurity firm to become a CNA.

Researchers at Nozomi have identified a significant number of vulnerabilities in industrial products, including from Emerson, Siemens and Mitsubishi Electric. The company says CISA has published 13 advisories based on its employees’ findings.

“We are pleased to grant Nozomi Networks CVE Numbering authority,” said Scott Lawler, CEO of LP3 and CVE Board Member. “In addition to a deep commitment to ensuring the security of their own products, a team of researchers in Nozomi Networks Labs also works to identify vulnerabilities in other industrial equipment and software.”

“Nozomi Networks leads their industry in the number of responsible disclosures made to the United States ICS-CERT. They’ve consistently demonstrated a high level of professionalism and expertise in helping impacted customers and vendors quickly address identified vulnerabilities. Their specialized expertise in OT and IoT cybersecurity and the processes they have established to ensure the cybersecurity of their own products make them a valued member of the CNA team,” Lawler added.

Related: GitHub Becomes CVE Numbering Authority, Acquires Semmle

Related: Rapid7 Appointed CVE Numbering Authority

Related: SAP Becomes CVE Numbering Authority

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Tags:

COMMENTS

WORDPRESS: 0
Close Bitnami banner
Bitnami