Just connect

Sophos added as CVE numbering authority (CNA)

Security researchers can now work directly with Sophos

Sophos added as CVE numbering authority (CNA)

Sophos, a global leader in next-generation cybersecurity, today announced that it had been named a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) in the CVE program, a recognized international standard for identifying and naming cybersecurity vulnerabilities. With this status, Sophos is authorized to assign CVE identification to unique vulnerabilities within its products’ scope. Security researchers can now work directly with Sophos to open CVEs for the company’s products, making the process of reporting issues and assigning CVEs more straightforward.

The CVE program is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. The program catalogues CVEs in a publicly available registry available to security researchers, vulnerability disclosers and information technology vendors. Using a common identifier makes it easier to share and cross-check data across the industry’s several and separate security databases and tools that track vulnerabilities.

Ross McKerchar, vice president and chief information security officer at Sophos
Ross McKerchar, vice president and chief information security officer at Sophos

“Sophos’ new status as a CNA is another example of our commitment to being transparent, and by having the ability to assign CVEs, we can provide the industry with pertinent information about our products faster. This allows organizations to assess security issues more quickly, determine the scale of urgency and prioritize updates,” said

. “Sophos’ CVEs will also get entered into the multiple CVE-compatible databases within the industry. By working collectively on these databases with other vendors and industry standards watch guards, we can together improve defences against persistent attackers.”


“The Common Vulnerabilities and Exposures Team welcomes Sophos as our newest CVE Numbering Authority. Sophos has a strong reputation of contributing to the global digital security community, producing antivirus, encryption and cybersecurity capabilities for over 30 years. Their experience brings real value to the CVE Program. We are very pleased to have Sophos as a contributing member of the CVE Team,” said Kent Landfield, CVE board member.

[email protected]

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More