Nozomi Networks Becomes CVE Numbering Authority

Nozomi Networks, a company that specializes in the security of OT and IoT systems, on Tuesday announced that it has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).

As a CNA, the company will be able to assign CVE identifiers to vulnerabilities found in its own products or in third-party IoT and industrial products that are not covered by another organization.

There are currently over 130 CVE Numbering Authorities across 24 countries, but Nozomi says it’s the first OT and IoT cybersecurity firm to become a CNA.

Researchers at Nozomi have identified a significant number of vulnerabilities in industrial products, including from Emerson, Siemens and Mitsubishi Electric. The company says CISA has published 13 advisories based on its employees’ findings.

“We are pleased to grant Nozomi Networks CVE Numbering authority,” said Scott Lawler, CEO of LP3 and CVE Board Member. “In addition to a deep commitment to ensuring the security of their own products, a team of researchers in Nozomi Networks Labs also works to identify vulnerabilities in other industrial equipment and software.”

“Nozomi Networks leads their industry in the number of responsible disclosures made to the United States ICS-CERT. They’ve consistently demonstrated a high level of professionalism and expertise in helping impacted customers and vendors quickly address identified vulnerabilities. Their specialized expertise in OT and IoT cybersecurity and the processes they have established to ensure the cybersecurity of their own products make them a valued member of the CNA team,” Lawler added.

Related: GitHub Becomes CVE Numbering Authority, Acquires Semmle

Related: Rapid7 Appointed CVE Numbering Authority

Related: SAP Becomes CVE Numbering Authority