
ONEKEY’s authorization as CVE Numbering Authority highlights its cybersecurity leadership

Düsseldorf/Germany, November 1, 2022 – Cybersecurity specialist ONEKEY has been authorized by the CVE Program as a CVE Numbering Authority (CNA). Because ONEKEY's vulnerability research focuses on industrial control system (ICS) products and connected devices, CISA, the US Cybersecurity and Infrastructure Security Agency, will act as ONEKEY’s Top-Level Root CNA.

With the recent enhancement of ONEKEY’s capabilities to automatically detect zero-day vulnerabilities in ICS products and other connected devices, acting as a CNA and assisting affected vendors during the coordinated disclosure process helps ONEKEY to better scale its efforts to secure the Internet of Things. 

“As ONEKEY invests in top cybersecurity, we help pave the way for vulnerability identification and disclosure. That’s why we are proud to contribute as a CVE Numbering Authority to the global effort that enables cybersecurity professionals to quickly identify and remediate vulnerabilities,” said Jan C. Wendenburg, CEO of ONEKEY. 

CVE is an international, community-based program that relies on the community to discover vulnerabilities. Discovered vulnerabilities are assigned CVE IDs and published in the CVE list. CNAs are organizations responsible for regularly assigning CVE IDs to vulnerabilities and for creating and publishing information about each vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publication. ONEKEY will cover its own products as well as projects hosted at and any vulnerabilities discovered by ONEKEY that are not in another CNA’s scope.

“Our Security Advisories almost always mention at least one CVE ID. These CVEs help professionals address these vulnerabilities to increase the security of their infrastructure. Ideally, a CVE ID is assigned before a Security Advisory is published,” adds Florian Lukavsky, CTO of ONEKEY. It is common for manufacturers to keep security vulnerabilities secret until a solution has been developed and tested. This reduces the opportunities for attackers to exploit unpatched vulnerabilities.

With the recent addition of automated detection capabilities of zero-day vulnerabilities, ONEKEY can now not only increase the detection rate of critical vulnerabilities in ICS and other connected devices, but also assign CVE IDs to these vulnerabilities and enable program stakeholders to rapidly discover and correlate vulnerability information to protect systems against attacks. 


ONEKEY publishes new security advisories regularly – have a look.


ONEKEY is a leading European specialist in product cybersecurity. The unique combination of an automated security & compliance software analysis platform and consulting services by cybersecurity experts provides fast, comprehensive analysis, and solutions in the area of IoT/OT product cybersecurity. Building upon automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time, and can thus be remediated in a targeted manner. The easy-to-integrate solution enables manufacturers, distributors, and users of IoT technology to quickly and continuously perform 24/7 security and compliance audits throughout the product lifecycle. Leading international companies in Asia, Europe, and America are already successfully benefiting from the ONEKEY platform and experts.


Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150
