SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Keeper Security first in its field to join the CVE programme
Fri, 6th Oct 2023

Keeper Security, a market leader in password and passkey management, has become the first company in its field to join the Common Vulnerabilities and Exposures (CVE) programme as a CVE Numbering Authority (CNA). The authorisation means the firm will be able to assign CVE IDs and release CVE records for vulnerabilities found in its own code, as well as those discovered by the Keeper team in third-party software. The records will then be published through the CVE List, a vital tool for global IT and cybersecurity professionals to help coordinate their efforts and prioritise vulnerabilities.

"Becoming a CNA partner highlights our ongoing commitment to the responsible disclosure of potential security issues," stated Craig Lurey, CTO and Co-Founder of Keeper Security. He added, "Our mission is to provide the world's most secure and innovative cybersecurity software, and we believe that programmes like CVE are a vital component to ensuring the security of all digital products and services people rely on."

The CVE programme is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA uses the CVE List to compile the Known Exploited Vulnerabilities Catalog, which organisations use to prioritise the remediation of listed vulnerabilities and reduce the probability of compromise by known threat actors. The data also feeds the U.S. National Vulnerability Database, curated by the National Institute of Standards and Technology (NIST).

Committed to the best industry practices of responsible disclosure of potential security issues, Keeper Security values the contributions of good-faith researchers in ensuring user security and privacy. As an organisation, keeping users secure is at the core of Keeper's values. As such, the company encourages responsible security testing and disclosure of vulnerabilities to help make the internet a more secure place overall.

To uphold its high security standards, Keeper Security conducts quarterly application penetration testing on all its products and systems. This is performed with third-party penetration testers, including groups such as NCC Group and Cybertest. The company also collaborates with Bugcrowd to manage its bug bounty and Vulnerability Disclosure programme (VDP), which rewards ethical hackers for uncovering and reporting vulnerabilities.