Hi, On Thu, Jun 11, 2026 at 02:56:36AM +0000, Securin Disclose wrote: > Hello, > > As a CVE Numbering Authority (CNA), Securin can reserve and assign CVE IDs for > your reported vulnerabilities. Once fixes are available, please share the > complete vulnerability details with us. Our team will review the information > and > publish the CVEs accordingly. > > Our current turnaround times are: > > CVE Assignment: Within 24 hours > Publication to MITRE: Within 48 hours after receiving the required details and > confirming readiness for disclosure > > Please let us know how we can assist in streamlining or accelerating the CVE > assignment process for your team. We are happy to work closely with you to > ensure timely coordination, assignment, and publication. > > We look forward to supporting your vulnerability disclosure efforts.
Out of interest, since I was looking up the scope of the Securin CNA. The scope currently say: | Vulnerabilities found in Securin products and services (including | end-of-life/end-of-service products), as well as vulnerabilities in | third-party software discovered by Securin that are not in another | CNA’s scope. So does that not only cover vunerabilities in third-party software (not CNA's scope) discoveed by Securin? The Red Hat CNA OTOH covers explicitly open source in their root scope: https://www.cve.org/PartnerInformation/ListofPartners/partner/securin https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat Regards, Salvatore
