NetRise Officially Accepted into MITRE CNA Program
by NetRise, on Oct 19, 2022 8:15:59 AM
AUSTIN, Texas – October 18, 2022 – NetRise, the company solving the world's XIoT security problem, announced today it has been designated by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).
NetRise joins a list of partners, including 240+ organizations from 35 countries, to further expand the community-driven CVE Program. CNAs are organizations from around the world authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope for inclusion in first-time public announcements of new vulnerabilities.
As a CNA, NetRise is authorized to assign CVE IDs to newly discovered zero-day vulnerabilities in third-party devices (not covered by another CNA) uncovered as part of the research conducted against XIoT devices and firmware. This will allow NetRise to directly establish new CVEs, streamline the reporting process, and continue to foster collaboration with the industry as a whole.
“Being recognized as a CNA is a critical step in furthering NetRise’s ability to contribute to the great work and collaboration that the CVE program members have built,” said Thomas Pace, Co-Founder & CEO of NetRise. “As device proliferation across industries continues to grow, organizations need to have full insight into the risks posed by insecure firmware. As the first platform to provide comprehensive insight into shared vulnerabilities across all firmware images in an organization, we are closing the gap in one of cybersecurity’s biggest and least understood problems.”
The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. CVE is an international, community-based effort and relies on the community to discover vulnerabilities, which are then assigned and published to the CVE List. The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) and is operated by the MITRE Corporation in close collaboration with international industry, academic, and government stakeholders.
NetRise has developed an automated, cloud-based platform that provides comprehensive insight into the many risks present in a XIoT device. These risks and associated artifacts are presented in a clear and concise manner allowing consultants, operators and SOC analysts to take appropriate action and begin to address the risks presented by these devices in their environment. While the NetRise platform has always highlighted “N-Day” vulnerabilities natively in the platform, being recognized as a CNA means NetRise can now responsibly disclose and publish zero-day vulnerabilities that inevitably surface when analyzing XIoT device firmware and other binary files.
About the CVE Program
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue and to coordinate their efforts to prioritize and address the vulnerabilities.
Based in Austin, Texas, NetRise was built by defensive cyber experts bred across the private sector, intelligence community and U.S. federal government to solve the firmware security problem. The company is currently partnering with companies across manufacturing, automotive, medical devices, industrial control systems, satellites and many more.