The first password management company to join the CVE Program, Keeper to promote responsible disclosure of potential security risks
Keeper Security has been authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Keeper is the first password management company to join this global effort to identify, define and catalog publicly-disclosed cybersecurity vulnerabilities.
As a CNA, Keeper has the ability to directly assign CVE IDs and publish CVE records for vulnerabilities discovered in its own source code and vulnerabilities in third-party software discovered by the Keeper team that are not in another CNA’s scope. Keeper can then publish that information via the CVE List, which information technology and cybersecurity professionals around the world use to coordinate their efforts to prioritize and address the vulnerabilities.
“Becoming a CNA partner highlights our ongoing commitment to the responsible disclosure of potential security issues,” said Craig Lurey, CTO and Co-Founder of Keeper Security. “Our mission is to provide the world’s most secure and innovative cybersecurity software, and we believe that programs like CVE are a vital component to ensuring the security of all digital products and services people rely on.”
CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA uses the CVE List to compile its Known Exploited Vulnerability Catalog, which organisations use to prioritise remediation of listed vulnerabilities, reducing the likelihood of compromise by known threat actors. The CVE list also feeds into the National Institute of Standards and Technology (NIST) U.S. National Vulnerability Database, which is the government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol.
Keeper Security is committed to the industry best practice of responsible disclosure of potential security issues. Keeper takes the security and privacy of its customers seriously and is committed to protecting their personal data. Keeping users secure is core to Keeper’s values as an organisation. Keeper values the input of good-faith researchers and believes that an ongoing relationship with the cybersecurity community helps ensure user security and privacy, and makes the Internet a more secure place overall. This includes encouraging responsible security testing and disclosure of security vulnerabilities.