JFrog becomes latest organization authorized as numbering authority for vulnerabilities exposure

Currently, there are 189 organizations from 31 countries participating as CNAs.
Written by Jonathan Greig, Contributor

Software company JFrog has become the latest organization to be designated by the CVE Program as a CVE Numbering Authority.

Currently, there are 189 organizations from 31 countries participating as CNAs, with more than 100 based in the US. 

The classification will allow the company to assign CVE identification numbers to newly discovered security vulnerabilities and publish related details in associated CVE Records for public consumption. 

JFrog will now be authorized to work with the cybersecurity community on a variety of security issues and provide customers with differentiated remediation data through JFrog Xray.

Moran Ashkenazi, CISO and VP of Security Engineering at JFrog, said becoming a CNA will allow them to help security researchers verify and triage their vulnerabilities and help keep companies' binaries more secure by collaborating on potential threats with the wider security community.

"The number of security risks in software and connected devices continues to grow. As a CNA, we're empowered to work with the community to accelerate threat detection and share information on new vulnerabilities fast -- before they compromise businesses," Ashkenazi said. 

CVE records are used around the world to identify and organize the critical software vulnerabilities that are discovered on a daily basis. Companies like JFrog assign each vulnerability a CVE ID.

JFrog Security CTO Asaf Karas said that with the CNA designation, the company could more effectively and efficiently disseminate the results of their research to customers and the software community in general -- for both newly discovered vulnerabilities and existing CVE records that may be inaccurate or incomplete.

"With this achievement, JFrog reinforces its commitment to being an active participant in the security community and providing our customers with scalable, secure, development to edge DevSecOps solutions," Karas said. 
