runZero Earns CVE Numbering Authority (CNA) Designation, Strengthening Leadership in Exposure and Vulnerability Management

AUSTIN, Texas--(BUSINESS WIRE)--runZero, a leader in exposure management, today announced that it has been authorized by the CVE Program as a CVE Numbering Authority (CNA). The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. This milestone underscores runZero’s deep commitment to advancing coordinated vulnerability disclosure (CVD) practices and reinforces the company’s position as a trusted authority in identifying, documenting, and communicating vulnerabilities to help organizations improve their cyber defenses.

runZero’s exposure management platform delivers comprehensive, agentless visibility across internal and external attack surfaces, helping organizations quickly detect and address exposures that traditional tools miss. runZero leverages powerful technology to discover, fingerprint, and assess all types of assets, including unknown and unmanaged devices. By uncovering these assets and their associated exposures, the platform equips security teams with the holistic insights and intelligence required to accelerate remediation. Now with this accreditation, runZero’s expertise in exposure management and research can be shared with the community through assigning CVE identification numbers and publishing additional details in the associated CVE record for vulnerabilities.

As a CNA, runZero can now assign and publish CVE identifiers for discovered vulnerabilities identified in the course of normal research and customer interactions. This capability enables runZero to streamline the last mile of coordinated disclosure, reducing friction, accelerating the delivery of critical security information, and ensuring organizations can quickly assess and respond to risks across their environments. Enterprises worldwide rely on runZero for accurate and actionable exposure identification and intelligence; the CNA designation provides a powerful extension of the transparency and trust the company has long championed.

“Becoming a CNA reflects runZero’s commitment to openness, accountability, and improving the security ecosystem for everyone,” said Tod Beardsley, VP of Security Research at runZero. “Our customers depend on us to provide the clearest picture possible of their attack surface, and that means delivering actionable, accurate vulnerability information as quickly as possible. With CNA status, we can advance vulnerability disclosure norms, especially across the ICS and OT domains where gaps persist and contribute our expertise back to the broader security community.”

The new authorization also simplifies runZero’s internal vulnerability disclosure policy and enhances the company’s ability to collaborate effectively with suppliers, researchers, and technology providers, particularly those who may have limited experience navigating coordinated vulnerability disclosure. By removing reliance on external bottlenecks and enabling runZero to publish and update CVEs directly, organizations can benefit from faster security insights and improved remediation workflows. The company’s longstanding expertise in foundational internet protocols, industrial control systems, and exposure research positions runZero to contribute meaningfully to the evolving CVE ecosystem.

runZero’s CNA scope includes vulnerabilities in runZero product families as well as issues discovered in third-party technologies encountered during general research and product enhancement work and as part of the ongoing research efforts supporting agentless discovery, deep fingerprinting, and exposure detection across a wide array of IT, OT, IoT, mobile, and cloud assets. This initiative aligns with runZero’s broader roadmap to advance the state of vulnerability management, encourage wider participation among technology developers, and reinforce its no-nonsense approach to enterprise risk assessment.

To learn more about runZero and how it's shaping the future of vulnerability identification and management, please visit: https://www.runzero.com/

About runZero

runZero provides a single source of truth for exposure management across your total attack surface. Without requiring agents, authentication, or appliances, runZero delivers the most complete and accurate visibility into every asset and exposure across internal, external, IT, OT, IoT, mobile, and cloud environments — including uncovering unknown and unmanageable devices and broad classes of exposures that evade traditional tools. Founded in 2018 by HD Moore, runZero is trusted by more than 500 companies and 30,000 users worldwide to mitigate risks faster, meet compliance requirements, and improve overall security.