F-Secure authorized to be a CVE Numbering Authority (CNA)

CVE Program’s accreditation allows F-Secure to assign CVE identifiers in accordance with the cyber security industry’s best practices.

Helsinki, Finland – August 10, 2020: Cyber security provider F-Secure is authorized by the CVE Program to assign Common Vulnerability and Exposures (CVE) identifiers as a CVE Numbering Authority (CNA). CNAs are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope.


CVEs are publicly disclosed security flaws. Without careful coordination in how these flaws are disclosed, security researchers and software vendors risk providing sensitive information about vulnerabilities to attackers before users have an opportunity to mitigate the risks posed by affected software, essentially increasing people and organizations’ exposure to cyber attacks.


As a CNA for vulnerability researchers, F-Secure is able to assign CVE identifiers to products and projects upon which it performs vulnerability analysis. According to Zak Maples, F-Secure Consulting’s Associate Director for the US, the accreditation will help F-Secure’s researchers and consultants quickly and clearly communicate information about vulnerabilities.


“Security research is a vital part of our work. And as a CNA, we can now take greater ownership of the process, information, and communications that software vendors and users rely on to learn about software vulnerabilities,” explained Maples. “Vendors, our clients, and the public can feel confident that any vulnerabilities we discover are disclosed clearly and timely, and in accordance with CVE Program standards.”


“The Common Vulnerabilities and Exposures (CVE) Team welcomes F-Secure as our newest CVE Numbering Authority (CNA). F-Secure has a strong reputation of contributing to the global cyber security community through F-Secure Labs and frequently publishing valuable cyber information. This experience brings high value to the CVE Team — we welcome this globally trusted partner!” said Scott Lawler, CEO LP3 and CVE Board Member.


More information on CNAs is available here.



About the CVE Program

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), of the U.S. Department of Homeland Security (DHS) and is operated by the MITRE Corporation in close collaboration with international industry, academic, and government stakeholders.

About F-Secure

F-Secure makes every digital moment more secure, for everyone. We deliver brilliantly simple, frictionless security experiences that make life easier for the tens of millions of people we protect and our 170 service provider partners. For more than 30 years, we’ve led the cyber security industry, inspired by a pioneering spirit born out of a shared commitment to do better by working together.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.