ARE YOU READY FOR THE NEW EU CYBER RESILIENCE ACT? » START YOUR CRA READINESS ASSESSMENT TODAY!

ONEKEY is registered as CVE Numbering Authority Blog Banner

ONEKEY’s authorization as CVE Numbering Authority highlights its cybersecurity leadership

Düsseldorf/Germany, November 1, 2022Cybersecurity specialist ONEKEY has been authorized by the CVE Program as a CVE Numbering Authority (CNA). With its vulnerability research focus on industrial control system (ICS) products and connected devices, CISA, the US Cybersecurity and Infrastructure Security Agency, will act as ONEKEY’s Top-Level Root CNA.

With the recent enhancement of ONEKEY’s capabilities to automatically detect zero-day vulnerabilities in ICS products and other connected devices, acting as a CNA and assisting affected vendors during the coordinated disclosure process helps ONEKEY to better scale its efforts to secure the Internet of Things. 

“As ONEKEY invests in top cybersecurity, we help pave the way for vulnerability identification and disclosure. That’s why we are proud to contribute as a CVE Numbering Authority to the global effort that enables cybersecurity professionals to quickly identify and remediate vulnerabilities,” said Jan C. Wendenburg, CEO of ONEKEY. 

CVE is an international, community-based program and relies on the community to discover vulnerabilities. The discovered vulnerabilities are assigned and published in the CVE list. CNAs are organizations responsible for regularly assigning CVE IDs to vulnerabilities and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publication. ONEKEY will cover its own produced products as well as projects hosted at https://github.com/onekey-sec/ and any vulnerabilities discovered by ONEKEY that are not in another CNA’s scope.  

“Our Security Advisories almost always mention at least one CVE ID. These CVEs help professionals address these vulnerabilities to increase the security of their infrastructure. 
Ideally, a CVE ID is assigned before a Security Advisory is published,” adds Florian Lukavsky, CTO of ONEKEY. It is common for manufacturers to keep security vulnerabilities secret until a solution has been developed and tested. This reduces the opportunities for attackers to exploit unpatched vulnerabilities. 

With the recent addition of automated detection capabilities of zero-day vulnerabilities, ONEKEY can now not only increase the detection rate of critical vulnerabilities in ICS and other connected devices, but also assign CVE IDs to these vulnerabilities and enable program stakeholders to rapidly discover and correlate vulnerability information to protect systems against attacks. 

 

ONEKEY publishes new security advisories regularly – have a look.

DISCOVER THE RESEARCH BLOG!

About ONEKEY

ONEKEY is the leading European specialist in Product Cybersecurity & Compliance Management. The unique combination of an automated Product Cybersecurity & Compliance Platform (PCCP) with expert knowledge and consulting services provides fast and comprehensive analysis, support and management to improve product cybersecurity and compliance from product purchasing, design, development, production to end-of-life.

Critical vulnerabilities and compliance violations in device firmware are automatically identified in binary code by AI-based technology in minutes – without source code, device or network access. Proactively audit software supply chains with integrated software bill of materials (SBOM) generation. “Digital Cyber Twins” enable automated 24/7 post-release cybersecurity monitoring throughout the product lifecycle.

Integrated compliance checking already covers the upcoming EU Cyber Resilience Act and existing requirements according to IEC62443-4-2, EN303645, UNR155 and many others.

The Product Security Incident Response Team (PSIRT) is effectively supported by the integrated automatic prioritisation of vulnerabilities, significantly reducing the time to remediation.

Leading international companies in Asia, Europe and the Americas already benefit from the ONEKEY Product Cybersecurity & Compliance Platform and ONEKEY Cybersecurity Experts.

CONTACT:

Sara Fortmann

Marketing Manager

sara.fortmann@onekey.com

 

euromarcom public relations GmbH

+49 611 973 150

team@euromarcom.de

Stay informed

News

Cybersecurity experts provide information on new EU Legislation to increase Cyber Resilience at 8th CYBICS

September 21, 2023

Security Advisory: Clock Fault Injection on Mocor OS – Password Bypass

August 9, 2023

New “U.S. Cyber Trust Mark” for IoT devices: ONEKEY Platform Already Automatically Verifies Essential Requirements

July 28, 2023
All news

Downloads

ONEKEY Whitepaper EU Cyber Resilience Act Cover

Whitepaper: Understanding the EU Cyber Resilience Act

Titlepage of the Whitepaper TacklingSoftware Supply Chain Risks with IEC 62443 and SBOM

Whitepaper: Tackling Software Supply Chain Risks with IEC 62443 and SBOM

Coverpage of the ONEKEY Success Story

Use Case: How SWISSCOM saves 400K EUR per avoided incident

ONEKEY Datasheet Manufacturing Coverpage

Datasheet: ONEKEY Platform - Manufacturing

All Downloads
contact us
  • ONEKEY GMBH
    KAISERSWERTHER STRASSE 45
    40477 DÜSSELDORF, GERMANY 
  • © ONEKEY GmbH