Press Release
Jun 25, 2024

HeroDevs Authorized as CVE Numbering Authority by the CVE Program

HeroDevs Achieves CVE Numbering Authority Status: Solidifying Commitment to Cybersecurity and Sustainability
HeroDevs Authorized as CVE Numbering Authority by the CVE Program

(SANDY, UT) - HeroDevs, the leading provider of extended long-term support for end-of-life open-source software, has been authorized by the CVE Program as a CVE Numbering Authority (CNA). With this designation, HeroDevs will be collaborating with security researchers and open-source communities to enhance security awareness through the responsible vetting, documenting, and disclosure of vulnerabilities through the creation and assignment of CVE Records.

The CVE Program relies on a global network of CNA partners to discover, assign, and catalog cybersecurity vulnerabilities. By publishing CVE Records, these partners ensure that vulnerability descriptions are accurate and provide the information stakeholders need to coordinate their remediation efforts effectively. As a CNA partner, HeroDevs is now equipped to assign CVEs IDs to security issues found both in our own software products and those identified by our researchers in open-source software.

"Achieving the status of CVE Numbering Authority allows HeroDevs to play a critical role in securing the web. Our focus will be on rapidly addressing vulnerabilities in end-of-life software, a common threat in many tech environments. We are proud of this achievement and will uphold this responsibility with the utmost diligence,” said Greg Allen, Chief Product Officer at HeroDevs.

HeroDevs aims to provide security solutions for organizations unable to migrate or upgrade to supported open-source software before end-of-life, regardless of the reasons behind their constraints. 

Their mission is to create a more sustainable web, ensuring that creators of open-source projects can continue to innovate without leaving a trail of vulnerable applications and websites in their wake. By focusing on securing deprecated and unsupported software, HeroDevs helps maintain a safer digital environment for everyone, allowing the tech community to advance confidently and securely.

With this new designation, HeroDevs is ready to equip enterprises with critical information about vulnerabilities, enabling them to strengthen their defenses and move forward with confidence.

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

. . .
Article Summary
HeroDevs has been designated as a CVE Numbering Authority (CNA), enabling us to enhance security awareness and protect the web by vetting, documenting, and disclosing vulnerabilities in open-source software.
Thought Leadership
Related Articles
HeroDevs Named Inaugural Partner for Drupal 7 Extended Security Support Provider Program
Ensuring Security and Compliance for Drupal 7 Beyond Its Official End-of-Life
HeroDevs Addresses Three CVEs in Unsupported Bootstrap
Addressing CVE-2024-6484, CVE-2024-6485, and CVE-2024-6531
Why HeroDevs Is Not Affected by the Supply Chain Attack
Understanding HeroDevs' Immunity to the Supply Chain Attack