Press Release – Published: November, 20th, 2020.

SECOMEA NOW AUTHORIZED AS A CVE NUMBERING AUTHORITY (CNA)

By this authorization, Secomea has become accredited to assign CVE identifiers according to best practices of the security industry

Secomea, a leading provider of secure remote access for ICS systems, is authorized by CISA (Cybersecurity & Infrastructure Security Agency) to assign CVEs (Common Vulnerabilities and Exposures) identifies as a CNA (CVE Numbering Authority). CISA is a Top-level Root CNA for ICS (Industrial Control Systems) and medical devices and has onboarded Secomea as CNA within the scope of ICS products.

A CVE is a publicly disclosed security flaw. Disclosure requires careful coordination between security researchers and software vendors in order to avoid sensitive information about vulnerabilities to get in the hands of attackers before companies and users have had an opportunity to mitigate the risk through software updates, reconfiguration or similar measures for preventing cyber-attacks.

HOW CAN CUSTOMERS AND PARTNERS BENEFIT FROM THIS?

With this accreditation, Secomea is able to assign CVE identifiers to own or associated Secomea products. According to CTO Peter Koldig Hansen, this is particularly efficient in relation to our regular external in-depth security audits conducted by the German cybersecurity company ProtectEM; but it also allows us to act quickly on potential vulnerabilities discovered in pen-tests and threat analyses performed by enterprise customers, and our private label partners Schneider Electric and B&R.

“With the increased focus on cybersecurity around ICS systems, following the evident need for servicing industrial equipment remotely as consequence of the Covid19 pandemic, the accreditation will help Secomea to instantly and clearly communicate information about vulnerabilities. We can now take ownership of the process, and customers and partners can feel confident that discovered vulnerabilities are disclosed timely and in accordance with the CVE program standards. This allows the IT and OT departments to rely on common procedures for subscribing to CVE databases, and mitigate issues effectively.„

Find more information about our cybersecurity advisory process.

Learn more about CISA.