Zabbix authorized to be a CVE Numbering Authority (CNA)
July 14, 2020
After completing several stages to strengthen security procedures, Zabbix proudly announces that it has joined the CVE Program to assign CVE IDs to vulnerabilities affecting Zabbix products and projects.
The CVE program is the de facto international standard for identifying and naming cyber security vulnerabilities. The Common Vulnerabilities and Exposures (CVE®) Program’s primary purpose is to uniquely identify vulnerabilities and to associate specific versions of code bases (e.g., software and shared libraries) to those vulnerabilities – as stated on CVE Program website.
CVE Numbering Authorities (CNAs) are organizations from around the world that are authorized to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. These CVE IDs are provided to researchers, vulnerability disclosers, and information technology vendors.
Zabbix assures the best security experience possible for its customers, users and partners. We are very excited to announce that Zabbix is now part of the CNA program and can issue CVE identifiers for information-security vulnerabilities and their fixes.
Participation in CVE is a voluntary gesture. Zabbix as a monitoring software sees this as an ability to strengthen our monitoring software and the ability to control the disclosure of vulnerability information.
How Zabbix users and customers benefit from this?
One of the main purposes for Zabbix to partner with the CVE Program is to oversee vulnerability management practices to our customers. This is also our commitment to cybersecurity to current and potential customers. Becoming a CNA also guarantees that we can deliver value-added vulnerability information to our customers.
And by becoming CNA we are completing our security policy that strengthens our ability to better cope with vulnerability aspects.
About CVE program
The CVE Program relies on the community (vendors, end users, researchers, and more) to discover and register vulnerabilities. The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world. The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS) and is operated by the MITRE Corporation in close collaboration with international industry, academic, and government stakeholders.
About Zabbix Company
Zabbix LLC is based in Europe, Japan, Russia, and the United States. Its founder, CEO, and Zabbix product creator is Alexei Vladishev. The primary work sphere of Zabbix LLC is the development of open-source software for monitoring networks and applications. Apart from that, the company offers a wide range of professional services designed to fit every customer's unique business demands, including implementation, integration, custom development, consulting services, and various training programs. Zabbix team mission is to make a superior monitoring solution available and affordable for all. For the first time, Zabbix was released in 2001. Zabbix, as a company, was established in 2005 to provide expert technical support services. There are governmental institutions of different countries and some of the world's biggest telco, finance, educational, retail, and healthcare companies among Zabbix customers. Many of them are included in the Fortune 500 list.