Netskope Authorized by the CVE Program as a CVE Numbering Authority

As a cybersecurity organization, Netskope has a responsibility to be transparent about security issues reported in Netskope products and services which might have an impact on Netskope customers or partners. To fulfill this responsibility, Netskope has a smooth, transparent, and industry-standard process under our Product Security Incident Response Team (PSIRT) to disclose the security issues publicly which are reported in Netskope products from various sources.

As part of the PSIRT process, Netskope has worked with the Common Vulnerabilities and Exposures (CVE) program to register as a CVE Numbering Authority (CNA). The CVE program is a collaborative effort that relies on the community to provide a reference method for publicly known information security vulnerabilities and exposures termed as CVE Records.

As a result, Netskope has been authorized by the CVE Program as a CNA. A CNA is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. Netskope’s CNA scope is all Netskope products and services.

Through CNA authorization, Netskope can offer several advantages, which include:

• Demonstrating mature vulnerability management practices and a commitment to cybersecurity for current and potential customers.
• Communicating value-added vulnerability information to our customer base.
• Controlling the CVE publication release process for vulnerabilities in our scope.
• Assigning CVE IDs without having to share embargoed information with another CNA.
• Streamlining vulnerability disclosure processes.
• Managing all aspects of CVE Records for Netskope products.
• Encouraging visibility and partnership with other peer CNAs.
• Helping to comply with industry standards and government regulations.

If you’re interested in learning more about how your organization can get involved, please visit the CVE Program’s website.