WhiteSource, a leader in open source security and management, announced that it has been recognized at the Provider Acceptance Level for NIST’s National Vulnerability Database (NVD). The NVD is the largest and most comprehensive repository of reported known vulnerabilities, both in commercial and open source components.
The NVD’s Collaborative Vulnerability Metadata Acceptance Process (CVMAP) program recognizes the superior accuracy of information that WhiteSource has contributed relative to assessments of Common Vulnerability Scoring System v3.1 (CVSS v3.1) and Common Weakness Enumeration (CWE).
Recommended AI News: ADP Advances the Benefit Experience for Large and Medium-sized Businesses with API Integrations
With 89 CVSS v3.1 participants, WhiteSource is one of only three to be recognized with the Provider Acceptance Level, alongside software giants Oracle and Microsoft.
WhiteSource is the only company in the world with Provider Acceptance Level for both CVSS v3.1 and CWE. “This recognition of WhiteSource’s security analysis expertise reaffirms the community’s trust in our knowledge and reasserts our leading position at the forefront of application security technology,” said Rami Sass, Co-Founder, and CEO of WhiteSource. “As the impact of the latest vulnerabilities found in the popular Java logging framework Log4j demonstrates, the work we do with the NVD to protect organizations from malicious activity becomes even more critical. WhiteSource is proud to be recognized as a leading data provider.”
Recommended AI News: Numonix Expands Compliance and Business Features for Its IXCloud Compliance Recording Service for Microsoft Teams
The NVD’s CVMAP program has established a set of acceptance levels that CVE Numbering Authorities (CNAs) such as WhiteSource can achieve, based on the data they provide through the Common Vulnerabilities and Exposures list (CVE). CNAs are entities authorized by NIST to assign CVE IDs to vulnerabilities and publish CVE Records. Separate acceptance levels are assigned for each submission category, such as CVSS v3.1 and CWE. As CNAs provide submission category data and NVD analysts provide analysis results, the CNA data is compared against the NVD analyst data. As the CNA and NVD data align, the acceptance level of the CNA for that submission category increases.
Once an entity has been granted Provider Acceptance Level status, the data that they submit to the NVD is considered to be the same as data generated by NVD analysts and is immediately placed into the NVD data feeds. Providers are considered the leading contributors to the NVD. The CVMAP program maintains consistent practices across the information security community when providing standards and text-based information, alleviating the strain caused by the growing volume of CVE publications on NVD staff, and continuing to retain the quality of information for all consumers of CVE data.
Recommended AI News: Collibra Announces Investment from Snowflake to Expand Data Intelligence for Snowflake Data Cloud
[To share your insights with us, please write to sghosh@martechseries.com]
Comments are closed.