Hikvision, the world’s leading IoT solutions provider with video as its core technology, has been designated as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). This appointment enables the hi-tech security solutions provider to assign CVE identifiers to reported flaws.
As of today, Hikvision can assign CVE identifiers to vulnerabilities found in its own products and firmware, regardless of whether the issues have been disclosed by Hikvision employees or third-party experts. This is the first step towards vulnerability disclosure, verification and solution release, and the appointment will help speed up the problem-solving process for potential security risks. The announcement is a vote of confidence in Hikvision from within the industry, indicating that the company has gained international recognition not only for the way it handles vulnerabilities and exposures efficiently and effectively, but also for its attitude of being transparent and accountable at all times.
“We are honored to become a CNA and will keep collaborating with MITRE to deal with potential security vulnerabilities in a timely and efficient manner,” said Bin Wang, Chief Officer at Hikvision Network and Information Security Laboratory and Network Security Department. “The CNA appointment will help iron out the creases in the information exchanges between security researchers and security solution providers. This will result in end users enjoying meaningful and timely assistance with tackling cyber security issues.”
“Our support of the cyber security vulnerabilities disclosure practices is driven by our deep-seated commitment to supporting and empowering the commercial and civil communities,” Daniel Huang, Hikvision Oceania Managing Director, remarked. “Our goal is twofold: help improve and mature the security practices based on Hikvision solutions provided over the years, and continually keep end-users in the loop, so they can stay informed of the potential risks and have timely solutions to solve those issues.”
CNAs are organisations from around the world that are authorised to assign CVE Entries to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. CNAs are the main method for requesting a CVE ID. Apart from Hikvision, there are 80+ organisations currently participating as CNAs. The list includes Facebook; Google; Apple; IBM; Intel; Airbus; Alibaba; Microsoft; Adobe; BlackBerry; Cisco; Netflix; Oracle; Rapid7; Schneider Electric; Siemens; HP; CERT/CC; Check Point; Debian GNU/Linux; Dell EMC; HackerOne; ICS-CERT; OpenSSL and MITRE (primary CNA).