The following announcement was posted on the CVE 
 as well as shared on CVE's 
 social media channels:

CVE Program Expands Partnership with Red Hat

The CVE(r) Program<> is expanding its partnership with Red 
Hat, Inc.<> 
for managing the assignment of CVE Identifiers (CVE 
for the CVE Program for open source.

Red Hat is now designated as a 
Root<> for 
any open-source organizations that choose Red Hat as their Root. However, 
organizations are free to choose another Root if it suits them better.

As a Root, Red Hat is responsible for ensuring the effective assignment of CVE 
IDs, implementing the CVE Program rules and guidelines, and managing the CVE 
Numbering Authorities (CNAs)<> 
under its care. It is also responsible for recruitment and onboarding of new 
CNAs and resolving disputes within its scope.

A CNA is an organization responsible for the regular assignment of CVE IDs to 
vulnerabilities, and for creating and publishing information about the 
vulnerability in the associated CVE 
 Each CNA has a specific scope of responsibility for vulnerability 
identification and publishing. Currently, 
 Red Hat<>, 
and Spanish National Cybersecurity Institute 
are Roots under the MITRE Top-Level 
There are currently 237 organizations from 35 countries actively participating 
in the CVE Program.

Red Hat's Root designation consolidates Red Hat as the key agent of information 
exchange among open-source organizations and projects participating as CNAs, 
thereby ensuring that all parties will work together to expedite the assignment 
of CVE IDs and publication of CVE Records and help improve cybersecurity 


CVE Program Secretariat<>

[A picture containing text, clipart  Description automatically generated]

Reply via email to