Non-profit organization MITRE Corporation, which maintains the Common Vulnerabilities and Exposures (CVE) system, has included Kaspersky Lab in the list of CVE Numbering Authorities (CNAs). Kaspersky Lab is the sixth company in the world to be granted the status of Vulnerability Researcher.
Through participation in the CNA program, Kaspersky Lab can assign CVE numbers to newly identified vulnerabilities and publicly disclose information on them. The scope of this authority includes the company’s own products and third-party software not covered by another CNA.
Kaspersky Lab was granted the CNA status in recognition of the expertise of its research team and the permanent process carried out by the company to improve the security of its own products. One of the CNA’s broader activities is coordinated by Kaspersky Lab ICS CERT, which was founded in 2016. As part of its CNA status, ICS CERT identifies vulnerabilities in industrial automation software solutions, and coordinates joint efforts with industrial vendors to secure these vulnerabilities. The efforts of Kaspersky Lab ICS CERT researchers to find vulnerabilities were noted in US ICS-CERT annual report. In the last 10 months, Kaspersky Lab ICS reported more than 100 vulnerabilities in industrial automation software, including GE, Rockwell, Siemens, and Schneider Electric.
Eugene Goncharov, Head of Critical Infrastructure Defense, at Kaspersky Lab said: “We are extremely proud to be granted CVE Numbering Authority and Vulnerability Researcher status. The Kaspersky Lab ICS CERT team comprises experts with extensive knowledge and experience on SCADA systems and industrial automation, acting for responsible disclosure at the highest level.”
For more information about Kaspersky Lab ICS-CERT, please visit ICS-CERT website.