Vulnetix named Australia's first global CVE authority

Vulnetix has been appointed Australia's first Global CVE Numbering Authority, making the cybersecurity company the only registered authority of its kind in the country and one of 27 globally.

The appointment gives the Australian-owned company a more direct role in the system used to identify and catalogue software vulnerabilities. It also coincides with an expansion of its tools for developers using AI-assisted coding.

Vulnetix is also expanding support for Claude Code so vulnerability intelligence appears when developers and AI coding agents select software components during coding. Its plugin checks each component against more than 160 vulnerability databases at the point of selection.

The tool presents exploit information, malware signals, end-of-life status, upgrade risk, and recommendations for safer versions. The aim is to help developers make decisions before code is committed and reduce the chances of vulnerable components entering software supply chains.

Vulnetix has also opened free access for Australian developers to its vulnerability database, APIs, Claude Code plugin, and command-line interface. Previously, these tools were used mainly by larger security teams.

Developer focus

Vulnetix is framing the changes around a shift in how software is built, with AI coding tools playing a larger role in selecting packages and dependencies. That shift has increased scrutiny of the quality and timeliness of vulnerability data used during development.

Sean Marshall, Chief Executive Officer and Co-founder of Vulnetix, said the local market needed stronger domestic vulnerability intelligence.

"Australia needs a stronger local foundation for vulnerability intelligence, especially with new threats emerging, such as TeamPCP, that are directly targeting the tools developers use," said Marshall.

He said support for Claude Code is designed to place security information directly into the development workflow as coding decisions are made.

"At the same time, development is becoming more automated. With Claude Code support, Vulnetix is bringing vulnerability intelligence into the developer workflow so security context is available when decisions are being made, not after the fact," added Marshall.

The platform is intended to reduce manual triage and give security teams clearer visibility across the software development lifecycle. It is aimed particularly at organisations in tightly regulated sectors, including government and finance.

It also integrates with development and delivery environments including Azure DevOps, GitLab CI, and Bitbucket, adding another layer of vulnerability intelligence to existing DevSecOps processes.

Global role

CVE numbering authorities assign identifiers to publicly disclosed cybersecurity vulnerabilities. Joining that network gives Vulnetix a recognised role in a global framework used by software vendors, researchers, and security teams to track and discuss flaws consistently.

For Australia, the appointment creates the country's first locally based participant in this part of the vulnerability reporting system. It comes as governments and private sector organisations face growing scrutiny over software supply chain security and the use of third-party components in business systems.

Marshall said the company's broader objective is to make vulnerability management more practical for organisations balancing speed and control.

"For 20 years, the security industry has been saying that security needs to be in the developer's natural path. Now, AI coding agents are automatically making decisions about software supply chains thousands of times a day, with no idea about what they're importing. That's not a Claude problem. It's a data problem. Vulnetix is solving the data problem," added Marshall.