Carrier has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). This designation allows Carrier to provide customers greater transparency and proactive awareness of vulnerabilities and aligns with the company’s commitment to serving its customers.
With Carrier as a CNA, customers and other stakeholders can remain informed of vulnerabilities and how to address them, reducing risk and increasing speed of remediation.
“This step extends the maturity of Carrier’s cybersecurity program and demonstrates our commitment to transparency, responsiveness and full lifecycle product support related to cybersecurity,” said John Deskurakis, Chief Product Security Officer, Carrier. “As a leader in intelligent building and cold chain solutions, Carrier is a natural fit for the program.”
“Today’s cybersecurity climate calls for early identification and intervention of vulnerabilities to ensure product security,” said Nicole Ford, Vice President and Chief Information Security Officer, Carrier. “As a CNA, we take responsible cybersecurity actions to deliver confidence to our customers.”
The CVE Program is sponsored by the Department of Homeland Security through the Cybersecurity and Infrastructure Security Agency (CISA) and operated by the MITRE Corporation. Through the CVE program, MITRE ensures that application vulnerabilities are uniquely identified and accurately reported.
As the ICS RootCNA, CISA welcomed Carrier to the program.