NetRise Officially Accepted into MITRE CNA Program

Oct 19, 2022 8:15:59 AM | Announcements NetRise Officially Accepted into MITRE CNA Program

Establishment as CNA Recognizes NetRise’s Commitment to XIoT Security and Vulnerability Reporting

AUSTIN, Texas – October 18, 2022 – NetRise, the company solving the world's XIoT security problem, announced today it has been designated by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).

NetRise joins a list of partners, including 240+ organizations from 35 countries, to further expand the community-driven CVE Program. CNAs are organizations from around the world authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities affecting products within their distinct, agreed-upon scope for inclusion in first-time public announcements of new vulnerabilities.

 As a CNA, NetRise is authorized to assign CVE IDs to newly discovered zero-day vulnerabilities in third-party devices (not covered by another CNA) uncovered as part of the research conducted against XIoT devices and firmware. This will allow NetRise to directly establish new CVEs, streamline the reporting process, and continue to foster collaboration with the industry as a whole.

 “Being recognized as a CNA is a critical step in furthering NetRise’s ability to contribute to the great work and collaboration that the CVE program members have built,” said Thomas Pace, Co-Founder & CEO of NetRise. “As device proliferation across industries continues to grow, organizations need to have full insight into the risks posed by insecure firmware. As the first platform to provide comprehensive insight into shared vulnerabilities across all firmware images in an organization, we are closing the gap in one of cybersecurity’s biggest and least understood problems.”

 The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. CVE is an international, community-based effort and relies on the community to discover vulnerabilities, which are then assigned and published to the CVE List. The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) and is operated by the MITRE Corporation in close collaboration with international industry, academic, and government stakeholders.

 NetRise has developed an automated, cloud-based platform that provides comprehensive insight into the many risks present in a XIoT device. These risks and associated artifacts are presented in a clear and concise manner allowing consultants, operators and SOC analysts to take appropriate action and begin to address the risks presented by these devices in their environment. While the NetRise platform has always highlighted “N-Day” vulnerabilities natively in the platform, being recognized as a CNA means NetRise can now responsibly disclose and publish zero-day vulnerabilities that inevitably surface when analyzing XIoT device firmware and other binary files.

 About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue and to coordinate their efforts to prioritize and address the vulnerabilities.

 About NetRise

Based in Austin, Texas, NetRise was built by defensive cyber experts bred across the private sector, intelligence community and U.S. federal government to solve the firmware security problem. The company is currently partnering with companies across manufacturing, automotive, medical devices, industrial control systems, satellites and many more.

 Media Contact:

Danielle Ostrovsky

Hi-Touch PR


Thomas Pace

Written By: Thomas Pace

Prior to founding NetRise, Thomas spent 16 years working in security across multiple roles and disciplines. From serving in the United States Marine Corps, being responsible for ICS security within the Department of Energy and most recently serving as Global Vice President for Cylance, Thomas has been a proven leader and innovator within cybersecurity. Thomas has also responded to hundreds of security incidents globally and shared his experience at multiple security conferences such as RSA and Black Hat.