CVE Blog

The purpose of this blog is to establish a dialogue and get your input on issues and topics important to CVE. We encourage you to use Medium, LinkedIn, or Twitter to comment on, share, or like a post. Right-click and copy here to share this article from the CVE website.

CVE Program Expands Partnership with Spanish National Cybersecurity Institute (INCIBE)

Share or comment Medium Twitter LinkedIn

This article is based upon a news release by the CVE Program and INCIBE.

The CVE® Program announced it is expanding its partnership with Spanish National Cybersecurity Institute (INCIBE) for managing the assignment of CVE Identifiers (CVE IDs) for the CVE Program.

INCIBE is now designated as a Root for Spain Organizations. As a Root for Spain Organizations, INCIBE is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the CVE Numbering Authorities (CNAs) under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope.

A CNA is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. Currently, INCIBE and JPCERT/CC are Roots under the MITRE Top-Level Root. There are currently 173 organizations from 29 countries actively participating in the CVE Program.

INCIBE has also extended its CNA scope responsibilities to those CVE candidates reported to INCIBE by researchers that are not within the scope of another CNA.

INCIBE’s Root designation consolidates INCIBE as a key agent of trust for the exchange of this type of information among Spanish organizations, thereby promoting a greater and better exchange of information so that all parties involved in this process can make better decisions in order to continue raising the level of cybersecurity of national companies.

Rosa Díaz, corporate general manager of INCIBE, stated, “The importance of this new role of the Institute, with public-private collaboration being one of the strategic points that will break down physical borders, which do not exist in the digital word, with the aim of detecting new vulnerabilities and strengthening cybersecurity capabilities so that our citizens and our companies are better protected.”

“The CVE Board is pleased to see INCIBE enhancing its mission of strengthening cybersecurity by stepping up their contributions to the vulnerability management community. The CVE Board welcomes INCIBE’s new role in the program as a Root CNA. We look forward to working with INCIBE in the days and years ahead,” stated Kent Landfield, a founding CVE Board member and chair of the CVE Strategic Planning Working Group.

Comments or Questions?

If you have any questions about this article, please use the CVE Request Web Form and select “Other” from the dropdown menu to contact the CVE Program. We look forward to hearing from you!

- The CVE Program
  June 17, 2021
  CVE Request Web Form
(select “Other” from dropdown)

Recent Posts

Page Last Updated or Reviewed: June 16, 2021