ONEKEY is registered as CVE Numbering Authority Blog Banner

ONEKEY’s authorization as CVE Numbering Authority highlights its cybersecurity leadership

Düsseldorf/Germany, November 1, 2022Cybersecurity specialist ONEKEY has been authorized by the CVE Program as a CVE Numbering Authority (CNA). With its vulnerability research focus on industrial control system (ICS) products and connected devices, CISA, the US Cybersecurity and Infrastructure Security Agency, will act as ONEKEY’s Top-Level Root CNA.

With the recent enhancement of ONEKEY’s capabilities to automatically detect zero-day vulnerabilities in ICS products and other connected devices, acting as a CNA and assisting affected vendors during the coordinated disclosure process helps ONEKEY to better scale its efforts to secure the Internet of Things. 

“As ONEKEY invests in top cybersecurity, we help pave the way for vulnerability identification and disclosure. That’s why we are proud to contribute as a CVE Numbering Authority to the global effort that enables cybersecurity professionals to quickly identify and remediate vulnerabilities,” said Jan C. Wendenburg, CEO of ONEKEY. 

CVE is an international, community-based program and relies on the community to discover vulnerabilities. The discovered vulnerabilities are assigned and published in the CVE list. CNAs are organizations responsible for regularly assigning CVE IDs to vulnerabilities and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publication. ONEKEY will cover its own produced products as well as projects hosted at and any vulnerabilities discovered by ONEKEY that are not in another CNA’s scope.  

“Our Security Advisories almost always mention at least one CVE ID. These CVEs help professionals address these vulnerabilities to increase the security of their infrastructure. 
Ideally, a CVE ID is assigned before a Security Advisory is published,” adds Florian Lukavsky, CTO of ONEKEY. It is common for manufacturers to keep security vulnerabilities secret until a solution has been developed and tested. This reduces the opportunities for attackers to exploit unpatched vulnerabilities. 

With the recent addition of automated detection capabilities of zero-day vulnerabilities, ONEKEY can now not only increase the detection rate of critical vulnerabilities in ICS and other connected devices, but also assign CVE IDs to these vulnerabilities and enable program stakeholders to rapidly discover and correlate vulnerability information to protect systems against attacks. 


ONEKEY publishes new security advisories regularly – have a look.


ONEKEY is a leading European specialist for automated security & compliance analysis for industrial (IIoT & ICS), manufacturing (OT) and Internet of Things (IoT) devices. Using automatically generated “Digital Twins” and “Software Bill of Materials (SBOM)” of devices, ONEKEY autonomously analyzes firmware for critical security vulnerabilities and compliance violations, all without source code, device, or network access. Vulnerabilities for attacks and security risks are identified in the shortest possible time and can thus be specifically remedied. Easily integrated into software development and procurement processes, the solution enables manufacturers, distributors, and users of IoT technology to check security and compliance quickly and automatically before use, 24/7 throughout the product lifecycle. Leading companies, such as SWISSCOM, VERBUND AG and ZYXEL, are using this platform today – universities and research institutions can use the ONEKEY platform for study purposes free of charge.


Sara Fortmann

Marketing Manager


euromarcom public relations GmbH

+49 611 973 150

Share on facebook
Share on twitter
Share on pinterest
Share on linkedin
Share on xing
Share on email