ONEKEY is registered as CVE Numbering Authority

ONEKEY’s authorization as CVE Numbering Authority highlights its cybersecurity leadership

Düsseldorf/Germany, November 1, 2022 – Cybersecurity specialist ONEKEY has been authorized by the CVE Program as a CVE Numbering Authority (CNA). Given ONEKEY’s vulnerability research focus on industrial control system (ICS) products and connected devices, CISA, the US Cybersecurity and Infrastructure Security Agency, will act as ONEKEY’s Top-Level Root CNA.

With the recent enhancement of ONEKEY’s capabilities to automatically detect zero-day vulnerabilities in ICS products and other connected devices, acting as a CNA and assisting affected vendors during the coordinated disclosure process helps ONEKEY to better scale its efforts to secure the Internet of Things. 

“As ONEKEY invests in top cybersecurity, we help pave the way for vulnerability identification and disclosure. That’s why we are proud to contribute as a CVE Numbering Authority to the global effort that enables cybersecurity professionals to quickly identify and remediate vulnerabilities,” said Jan C. Wendenburg, CEO of ONEKEY. 

CVE is an international, community-based program and relies on the community to discover vulnerabilities. The discovered vulnerabilities are assigned and published in the CVE list. CNAs are organizations responsible for regularly assigning CVE IDs to vulnerabilities and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publication. ONEKEY will cover its own products as well as projects hosted at https://github.com/onekey-sec/ and any vulnerabilities discovered by ONEKEY that are not in another CNA’s scope.

“Our Security Advisories almost always mention at least one CVE ID. These CVEs help professionals address these vulnerabilities to increase the security of their infrastructure. Ideally, a CVE ID is assigned before a Security Advisory is published,” adds Florian Lukavsky, CTO of ONEKEY. It is common for manufacturers to keep security vulnerabilities secret until a solution has been developed and tested. This reduces the opportunities for attackers to exploit unpatched vulnerabilities.

With the recent addition of automated detection capabilities for zero-day vulnerabilities, ONEKEY can now not only increase the detection rate of critical vulnerabilities in ICS and other connected devices, but also assign CVE IDs to these vulnerabilities and enable program stakeholders to rapidly discover and correlate vulnerability information to protect systems against attacks.

ONEKEY publishes new security advisories regularly – have a look.

About ONEKEY

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management and part of the investment portfolio of PricewaterhouseCoopers Germany (PwC). The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support, and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device, or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

The patent-pending, integrated Compliance Wizard™ already covers the upcoming EU Cyber Resilience Act (CRA) and existing requirements according to IEC 62443-4-2, ETSI EN 303 645, UNECE R 155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.

 

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de