Wind River Becomes a CVE Numbering Authority and Continues to Build on Its Commitment to Security
June 25 2024 - 3:00PM
Business Wire
Wind River®, a global leader in delivering software for
mission-critical intelligent systems, today announced that it has
been authorized by the Common Vulnerabilities and Exposures (CVE)
Program as a CVE Numbering Authority (CNA). Wind River now joins
the mission of the CVE Program to identify, define, and catalog
publicly disclosed cybersecurity vulnerabilities.
“As industries transform toward a more connected and intelligent
world, the threat landscape is rapidly evolving and security
continues to be a top concern. Becoming a CVE Numbering Authority
will allow Wind River to deliver even higher levels of service to
our customers and to further demonstrate our commitment to
cybersecurity and vulnerability management,” said Eashwer
Srinivasan, corporate vice president, Engineering, Wind River.
CVE is an international, community-based effort to discover
vulnerabilities. Vulnerabilities are assigned and published to the
CVE List, which is built by CNAs. The CVE List also feeds into the
National Institute of Standards and Technology (NIST) U.S. National
Vulnerability Database (NVD), the U.S. government repository of
standards-based vulnerability management data represented using the
Security Content Automation Protocol (SCAP).
As a CNA, Wind River can assign CVE IDs to vulnerabilities and
publish CVE information about a given vulnerability in the
associated CVE Record. Once CVEs are published to the CVE List,
information technology and cybersecurity professionals worldwide
can use CVE Records to rapidly discover and correlate the
information to address vulnerabilities and protect their systems
against potential attacks.
The CVE Program is sponsored by the U.S. Department of Homeland
Security (DHS) Cybersecurity and Infrastructure Security Agency
(CISA). For the benefit of the cybersecurity community and to help
every organization better manage vulnerabilities and keep pace with
threat activity, CISA maintains the authoritative source of
vulnerabilities that have been exploited in the wild — the Known
Exploited Vulnerability (KEV) catalog. CISA uses the CVE List to
compile KEV.
About Wind River
Wind River is a global leader in delivering software for
mission-critical intelligent systems. For more than four decades,
the company has been an innovator and pioneer, powering billions of
devices and systems that require the highest levels of security,
safety, and reliability. Wind River software and expertise are
accelerating digital transformation across industries including
automotive, aerospace, defense, industrial, medical, and
telecommunications. The company offers a comprehensive portfolio
supported by world-class global professional services and support
and a broad partner ecosystem. To learn more, visit Wind River at
www.windriver.com.
Wind River is a trademark or registered trademark of Wind River
Systems, Inc., and its affiliates. Other names may be the
trademarks of their respective owners.
View source
version on businesswire.com: https://www.businesswire.com/news/home/20240625878416/en/
Jenny Suh Wind River 510-749-2972 jenny.suh@windriver.com