Yugabyte announced it has been designated as a CVE Numbering Authority (CNA) by the CVE Program.
Yugabyte joins an elite group of public and private sector organizations authorized to assign CVE identification numbers to newly discovered security vulnerabilities and publish related details in associated CVE Records for public consumption. Yugabyte is the only authority for assigning CVE identification numbers for YugabyteDB, its popular open source distributed SQL database.
The CVE Program identifies and catalogs security vulnerabilities in software and hardware components worldwide. The programs’ trusted public disclosures allow IT professionals, end-users, and other stakeholders to take timely action to prevent attackers from exploiting these vulnerabilities.
“With adoption of YugabyteDB accelerating, there needs to be a clearly defined process for identifying any potential vulnerabilities before they impact our customers,” said Karthik Ranganathan, co-founder and CTO of Yugabyte. “Being named a CNA allows us to verify any security issues and leverage the wider security community to better protect and serve our customers.”
Only 210 companies from 33 countries have been established as CNAs to date. Yugabyte is one of a handful of database vendors in this trusted group of security community contributors, a group that includes organizations such as Google, Microsoft, and Red Hat.