12/22/2016
03:00 PM
Dark Reading
Products and Releases

Rapid7 Named Common Vulnerability and Exposure Numbering Authority

Boston, MA, December 20, 2016 -- Rapid7, Inc. (NASDAQ: RPD), a leading provider of IT and security analytics solutions, today announced that the Company has been designated as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA), effective immediately. Rapid7 will now be able to assign CVE numbers to vulnerabilities found in Rapid7’s and any other vendors’ products, whether they are disclosed by Rapid7 or by third-party researchers. CVEs assigned by Rapid7 will be added to the CVE List, an enumeration of information security vulnerabilities and exposures that provides a single, consistent way of identifying publicly known cybersecurity issues.

The goal of CVE is to make it easier to share data across separate vulnerability tools, repositories, and services by giving each vulnerability or exposure a standardized identifier. These common identifiers allow users to quickly and accurately find information about a problem across multiple CVE-compatible information sources. The MITRE Corporation (MITRE) manages and maintains the CVE List with assistance from the CVE Board. MITRE is a not-for-profit operator of seven federally funded research and development centers, and its mission is to work in the public interest. This unique role allows it to provide an objective perspective on disclosed vulnerabilities.

“We are honored to become a CNA and look forward to collaborating with MITRE, who have impressed us with their efforts to evolve the CVE program to meet ever-increasing needs,” said Corey Thomas, president and CEO at Rapid7. “Our support of reasonable disclosure practices is driven by our deep-seated commitment to supporting and empowering the community. Our goal is twofold: help improve and mature the security practices of vendors and manufacturers, while educating users on risk, so they can make informed decisions.”

Rapid7 has an established record of coordinated and reasonable disclosure practices, and has been a strong supporter of free and open security research through its open source efforts, including Metasploit Framework. As a provider of security software, services, and research, the Company takes security issues very seriously and recognizes the importance of privacy, security, and community outreach. In 2016 alone, Rapid7 coordinated with more than 25 vendors on vulnerability disclosures discovered by its researchers. These efforts are driven by a belief that security is a communal challenge and will only be meaningfully addressed through active collaboration. As such, the Company is committed to openly facilitating the sharing of security information that helps customers and the broader community learn, grow, and develop new security capabilities.

As a CNA, Rapid7 will assign CVE numbers to describe vulnerabilities identified in software products, once they are acknowledged by the affected vendors, in accordance with the rules and practices set forth by the CVE Board. More information about specific CVE guidelines can be found here: https://cve.mitre.org/cve/cna/CNA_Rules_v1.1.pdf.

For more information about Rapid7, please visit: https://www.rapid7.com/


About Rapid7

With Rapid7, technology professionals gain the clarity, command, and confidence to safely drive innovation and protect against risk. We make it simple to collect operational data across systems, eliminating blind spots and unlocking the information required to securely develop, operate, and manage today’s sophisticated applications and services. Our analytics and science transform your data into key insights so you can quickly predict, deter, detect, and remediate attacks and obstacles to productivity. Armed with Rapid7, technology professionals finally gain the insights needed to safely move their business forward. Rapid7 is trusted by more than 5,800 organizations across over 110 countries, including 37% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
