Keeper Security with first in joining the CVE programme
Keeper Security, a market leader in password and passkey management, has become the first company in its field to join the Common Vulnerabilities and Exposures (CVE) programme as a CVE Numbering Authority (CNA). The authorisation means the firm will be able to assign CVE IDs and release CVE records for vulnerabilities found in its own code, as well as those discovered by the Keeper team in third-party software. The records will then be published through the CVE List, a vital tool for global IT and cybersecurity professionals to help coordinate their efforts and prioritise vulnerabilities.
"Becoming a CNA partner highlights our ongoing commitment to the responsible disclosure of potential security issues," stated Craig Lurey, CTO and Co-Founder of Keeper Security. He added, "Our mission is to provide the world's most secure and innovative cybersecurity software, and we believe that programmes like CVE are a vital component to ensuring the security of all digital products and services people rely on."
The CVE programme is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA uses the CVE List to compile the Known Exploited Vulnerability Catalog, which organisations utilise to prioritise the repair of listed vulnerabilities and decrease the probability of compromise by known threat actors. The data also helps feed the U.S. National Vulnerability Database, curated by the National Institute of Standards and Technology (NIST).
Committed to the best industry practices of responsible disclosure of potential security issues, Keeper Security values the contributions of good-faith researchers in ensuring user security and privacy. As an organisation, keeping users secure is at the core of Keeper's values. As such, the company encourages responsible security testing and disclosure of vulnerabilities to help make the internet a more secure place overall.
To uphold the high-security standards, Keeper Security conducts quarterly application penetration testing on all its products and systems. This is performed with 3rd party penetration testers, inclusive of groups such as NCC Group and Cybertest. The company also collaborates with Bugcrowd to manage its bug bounty and Vulnerability Disclosure programme (VDP), which rewards ethical hackers for uncovering and reporting vulnerabilities.