VulnCheck Named CVE Numbering Authority for Common Vulnerabilities and Exposures

LEXINGTON, Mass.--(BUSINESS WIRE)--VulnCheck, the vulnerability intelligence company, today announced it has been authorized by the CVE Program as a CVE Numbering Authority (CNA). The company also announced the launch of VulnCheck Advisories, a program designed to simplify how security researchers share vulnerabilities with vendors.

The CVE Program is sponsored by the U.S. Department of Homeland Security and Cybersecurity and Infrastructure Security Agency with a mission to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. As a CNA, VulnCheck joins an elite group of over 280 partners in 36 countries authorized to assign CVE identification numbers to vulnerabilities and publish additional details in the associated CVE record.

"Our company offers the most comprehensive, real-time vulnerability, threat and exploit intelligence available on the market today,” said Anthony Bettini, CEO and Founder of VulnCheck. "Our products often uncover publicly disclosed vulnerabilities and exploits that have no CVE. To better serve the community, VulnCheck has taken on the task of coordinating CVE assignments for these issues. Now as a full partner in the CVE Program, we can expedite the rate at which we can address these problems. This is just the latest step we’ve taken to use our data to help security teams fight back against the growing tide of vulnerabilities they face each day.”

In conjunction with the authorization, the company also launched VulnCheck Advisories, a program designed to remove friction between researchers who identify and report vulnerabilities and the organizations that acknowledge and fix the flaws. The program enables researchers to share newly discovered vulnerabilities directly with VulnCheck. The intelligence company then takes over the submission process to the vendor and guarantees the vulnerability is published within 120 days, whether fixed or not.

“A lot of the time, researchers are at a disadvantage,” said Bettini. “Programs that buy vulnerabilities can be cumbersome and rife with restrictions. And if researchers choose to work directly with a vendor, they can often spend months just trying to get the company to acknowledge their report. With our program, researchers can submit their findings to VulnCheck and let the process run its course without all the hassle.”

The news comes just months after the company raised a $3.2 million seed round to increase hiring, bolster product development and help large enterprises, government agencies and cybersecurity solutions providers outpace adversaries by solving the vulnerability prioritization challenge.

To learn more about VulnCheck and the Advisories program, visit https://vulncheck.com/advisories.

About VulnCheck

VulnCheck is the vulnerability intelligence company helping enterprises, government organizations, and cybersecurity vendors solve the vulnerability prioritization challenge. Trusted by some of the world's largest organizations responsible for protecting hundreds of millions of systems and people, VulnCheck helps organizations outpace adversaries by providing the most comprehensive, real-time vulnerability intelligence that is autonomously correlated with unique, proprietary exploit and threat intelligence. Follow the company on LinkedIn. To learn more about VulnCheck, visit https://vulncheck.com/.