|
|
CVE has a new ID numbering format for CVE Identifiers (i.e., CVE IDs) that requires organizations to take action to ensure their products, tools, and processes continue to work properly now that CVE ID numbers are being issued using the new syntax. This page recognizes those software vendors and cybersecurity organizations that have updated to the new CVE ID numbering format. Read the press release.
Learn more:
The organizations listed below have declared that they are, or will be, compliant with the new syntax. Organizations are listed alphabetically. Current total: 21
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.adobe.com/
Declaration Quote: Not provided
Date Declared: September 18, 2014
Compliant: Yes
Website:
http://www.ca.com/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.cerias.purdue.edu/
Declaration Quote: "CERIAS has adopted the new CVE ID format in the Cassandra service. The need for the new format is a testament to the usefulness of the CVE and the progress we still need to make in preventing vulnerabilities." – Pascal Meunier
Date Declared: September 16, 2014
Compliant: Yes
Website:
http://www.cert.org/
Declaration Quote: "The growth of software and device markets (networked
"things"), the expansion of the security research community, and the development of automated vulnerability discovery tools all drive increasing demand for CVE ID assignments." – Art Manion, Vulnerability Analyst, CERT Coordination Center
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.cert-ist.com
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.emc.com/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes (Read our
news release)
Website: http://www.htbridge.com/
Declaration Quote: "The number of software vulnerabilities is continuously growing every year and it is very important to make sure that each discovered vulnerability has a unique globally-recognized identifier, such as the CVE ID. The new format of the CVE ID is an efficient response to the growth that will ensure that despite the increasing number of new vulnerabilities they will remain manageable. At High-Tech Bridge we are proud to be part of MITRE's CVE program that we use both for our security research and our information security services." - Ilia Kolochenko, CEO
Date Declared: September 16, 2014
Compliant: Yes
Website: http://xforce.iss.net/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: https://ics-cert.us-cert.gov/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: www.ipa.go.jp/index-e.html
Declaration Quote: "So the new era is about to begin. JVN iPedia is ready for the new syntax. Through our JVN Security Content Automation Framework, we'll collaborate with MITRE and actively adopt SCAP/CYBEX in support of the Making Security Measurable initiative." – Dr. Masato Terada, IPA
Date Declared: September 16, 2014
Compliant: Yes
(Read our
news release)
Website: http://www.jpcert.or.jp/english/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.LP3.com
Declaration Quote: "CVE is the standard for naming vulnerabilities globally. I can’t even imagine the confusion we have avoided by using CVE to properly identify, manage, and track vulnerabilities and mitigation. This numbering change is an important extension of the CVE ID to enable continued growth of this capability." - Scott A. Lawler, CISSP-ISSAP, ISSMP, HCISPP, Chairman/CEO
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.microsoft.com/
Declaration Quote: "Customer protection is a priority for Microsoft and we are pleased to support the new standardized CVE ID format which extends customer access to crucial information about CVEs." – Elizabeth Scott, Principal Program Manager, Microsoft Trustworthy Computing
Date Declared: September 16, 2014
Compliant: Yes
Website: http://nvd.nist.gov/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes (Read
our
news release)
Website: http://www.nsfocus.com/
Declaration Quote: "NSFOCUS's products flexibly store data by CVE ID, enabling seamless compatibility with new CVE ID formats and even longer ID formats." – Steven Cai
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.oracle.com/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: https://access.redhat.com/security/cve/
Declaration Quote: "Red Hat provides a database of CVE that affect our products and services,
https://access.redhat.com/security/cve/. This database fully supports the new CVE syntax." – Mark Cox, Senior Director of Red Hat Product Security
Date Declared: September 16, 2014
Compliant: Yes
Website: http://securitytracker.com/
Declaration Quote:
"With number of vulnerabilities being reported only going up, the CVE format
change is essential in helping us keep track of the latest vulnerabilities."
Date Declared: September 16, 2014
Compliant: Yes
Website: https://www.suse.com/
Declaration Quote: Not provided
Date Declared: September 16, 2014
Compliant: Yes
Website: http://www.symantec.com/
Declaration Quote: Not provided
Date Declared: September 18, 2014
Compliant: Yes, except Passive Vulnerability Scanner (targeted for Q4 2014)
Website: http://www.tenable.com
Declaration Quote: Not provided