Red Hat is now a CVE Numbering Authority of Last Resort in the CVE Program
Since joining the Common Vulnerabilities and Exposures (CVE) Program in 2002, Red Hat has been committed to excellence, growth and innovation in product security. Today, we’re pleased to announce that Red Hat is now a CVE Numbering Authority of Last Resort (CNA-LR), a prestigious recognition of our leadership, expertise and continued commitment to industry advancement. This achievement is a testament to Red Hat’s dedication and a significant success for the entire open source software (OSS) community of which we are proud to be a part.
Red Hat’s role as a CNA remains, with the company being responsible for assigning CVE identifiers to vulnerabilities that affect open source software, particularly those that impact Red Hat’s products and associated upstream projects. Since 2022, Red Hat has served as a Root organization in the CVE Program, onboarding and mentoring open source software projects to succeed within the Program. Check out the blog, “Red Hat extends Common Vulnerabilities and Exposure Program expertise as newly-minted Root organization” for more details. CNA-LR extends this role further, enabling Red Hat to assign CVE IDs and to publish corresponding CVE records within Red Hat Root’s scope for vulnerabilities NOT covered by another CNA.
For example, if the Red Hat Root determines that a CNA within its hierarchy has refused to assign a CVE for any reason, Red Hat, as a CNA-LR, may assign a CVE for that reported vulnerability at the conclusion of the dispute process. You can find all information in the Red Hat CNA-LR Operational Guide.
For over two decades, Red Hat has actively contributed to the goals and initiatives of the CVE Program. Gaining a CNA-LR designation signifies our unwavering dedication and the trust and recognition we have earned within the program. This milestone reflects our relentless pursuit of excellence, strong collaborations and impactful contributions to industry standards and best practices. Additionally, it reinforces the collective strength of the OSS community, whose collaboration and support have been integral to our success.
What this means for you
Achieving CNA-LR status in the CVE Program provides us with new opportunities to help shape the future of our vulnerability ecosystem. With this elevation, we gain access to:
- Greater influence: A stronger voice for the open source software community in the CVE Program
- Stronger collaboration: Enhancing our work with more open source software maintainers and the broader community
- Continued innovation: A platform to drive cutting-edge advancements and thought leadership
A heartfelt thank you
This achievement would not have been possible without the unwavering dedication of our team, the support of our open source community, and the trust of the CVE Program. We extend our deepest gratitude to everyone who has contributed to our journey and helped us reach this significant milestone. We want to thank our open source software community group, whose ongoing support has played a vital role in this success.
What’s next
As we step into this new chapter, we remain committed to driving progress, fostering innovation, and upholding the highest standards of excellence. Our elevation to CNA-LR is an achievement and a stepping stone toward even more outstanding contributions to the industry and open source software community.
Stay tuned for more updates as we continue our journey of leadership and excellence. Thank you for being part of Red Hat’s success story!