Select your country

Belgium

China

Denmark

France

Germany

Maghreb & West Africa

Netherlands

Norway

South Africa

Spain

Sweden

Switzerland

United Kingdom

Not finding what you are looking for, select your country from our regional selector:

Search

  1. Orange Cyberdefense
  2. Insights
  3. Blog
  4. CERT-News
  5. Orange Cyberdefense joins the CVE program as a CVE numbering authority
| News

Orange Cyberdefense joins the CVE program as a CVE numbering authority

CERT News Categories Orange Cyberdefense
Wilfried Pascault explains the importance of beoin CNA certified for Orange Cyberdefense.

Share

Your cybersecurity news in a nutshell

  • Orange Cyberdefense has officially become a “CVE Numbering Authority (CNA)” enabling it to assign CVE identifiers to discovered vulnerabilities, thereby strengthening its contribution to the global cybersecurity ecosystem; 
  • This status highlights Orange Cyberdefense’s expertise in cybersecurity research and intelligence, while improving responsiveness and coordination in addressing vulnerabilities, with a positive impact on organizational security.

Orange Cyberdefense is officially authorized to assign CVE vulnerability identifiers

Orange Cyberdefense is now officially recognized as a “CVE Numbering Authority (CNA)” which allows it to assign CVE identifiers to vulnerabilities discovered by its teams or by third parties and to contribute further to the international cybersecurity ecosystem.

A standardized language for security teams, software vendors, and researchers

The CVE (Common Vulnerabilities and Exposures) program is the global repository for tracking software vulnerabilities. It relies on a network of organizations, known as CNA, authorized to assign CVE identifiers and publish related information in a standardized format. This common language has become a standard for security teams, software publishers, and researchers who coordinate their responses to the flaws and vulnerabilities discovered every day.

To date, more than 500 CNAs from 43 countries participate in the program. Orange Cyberdefense has become one of the few French representatives, operating under the institutional oversight of ENISA, the European Union Agency for Cybersecurity.

An active contributor to the cybersecurity community

In practical terms, this status allows Orange Cyberdefense to assign CVE identifiers independently, both for vulnerabilities affecting its own products and for those discovered by its researchers or other members of the cybersecurity community in third-party products. It also speeds up responsible disclosure processes by reducing the time between the discovery of a vulnerability and its official publication.

Becoming a CNA is obviously a great honor, but above all, it is an operational responsibility: in a context where publication timelines have a direct impact on organizations' exposure, it serves as a concrete tool for improving the ecosystem's responsiveness and addressing future vulnerabilities, explains Wilfried Pascault, Head of Vulnerability Intelligence Watch at Orange Cyberdefense.

Orange Cyberdefense's expertise in cybersecurity research and intelligence

This recognition highlights Orange Cyberdefense’s commitment to security research and responsible disclosure - two pillars that directly contribute to the quality of threat intelligence shared with its clients and partners.

For more information, you can: 

24/7 incident hotline