Ericsson Authorized as CVE Numbering Authority (CNA) to Enhance Cybersecurity

Ericsson Authorized as CVE Numbering Authority (CNA) to Enhance Cybersecurity

(IN BRIEF) Ericsson has obtained authorization as a CVE Numbering Authority (CNA), allowing the company to identify and document publicly disclosed software system vulnerabilities. This designation enables Ericsson to contribute to global cybersecurity efforts and strengthen digital resilience. As a CNA, Ericsson can assign CVE identifiers to vulnerabilities within its specified scope, facilitating consistent and reliable communication among IT and security professionals. This move reflects Ericsson’s commitment to providing customers with timely and comprehensive information about cybersecurity vulnerabilities and further enhances its 20-year-long dedication to telecom product security.

(PRESS RELEASE) STOCKHOLM, 1-Feb-2024 — /EuropaWire/ — The prominent designation allows Ericsson to identify and catalog publicly disclosed software system weaknesses – known as vulnerabilities – and contribute to the global effort to improve cybersecurity and strengthen digital resilience. CNAs are organizations authorized to assign CVE identifiers to vulnerabilities affecting products and solutions within their specified scope.

The CVE Program is a community-driven initiative that relies on partnerships with organizations worldwide, including industry, academic and government representatives, to discover, define and maintain open data registry of publicly known cybersecurity vulnerabilities (CVE List). CVE is known as the de facto international standard for uniquely identifying vulnerabilities.

CVE IDs, assigned and published by CNAs like Ericsson, are unique identifiers for specific cybersecurity issues, enabling consistent and reliable communication to help provide collaboration among information technology and security professionals. CVE Records published in the catalog empower stakeholders to rapidly identify vulnerabilities, ensuring timely and effective responses to potential security threats.

Mikko Karikytö, Chief Product Security Officer & Head of Product Security at Ericsson says: “Our authorization as a CVE Numbering Authority (CNA) is a proof point in our ongoing commitment to cybersecurity excellence. We are honored to join the CVE community and contribute to addressing cybersecurity vulnerabilities. This is in line with our efforts to provide resilient high-performing secure digital infrastructure and meet demanding requirements.”

By becoming a CNA, Ericsson further strengthens its commitment to provide customers with comprehensive and up-to-date information about cybersecurity vulnerabilities, enabling them to respond effectively to potential threats and contribute to their overall cybersecurity posture.

The designation is the latest step in 20 years of Ericsson Product Security efforts to increase the trust and reliability of telecom products. Ericsson Product Security Incident Response Team (PSIRT) has recently published an updated product vulnerability disclosure policy and established a dedicated security bulletin webpage where CVEs assigned by Ericsson will be posted. For further information visit Ericsson PSIRT

Media Contact:

investor.relations@ericsson.com
+46 10 719 00 00

media.relations@ericsson.com
Tel: +46 10 719 69 92

SOURCE: ERICSSON

MORE ON ERICSSON, ETC.:

Follow EuropaWire on Google News
EDITOR'S PICK:

Comments are closed.