SecAlerts Blog

What is a CNA?

A CNA (CVE Numbering Authority) is an organization that has the authority to assign CVE IDs to vulnerabilities. CNAs are located around the world and include bug bounty programs, national and industry computer emergency response teams (CERTs), vendors, and vulnerability researchers.

Organizations don't pay to become a CNA and must agree to become a public service of sorts, volunteering their time and providing CVE IDs for free. They must also have a "public vulnerability disclosure policy" and a "public source for new vulnerability disclosures."

As of December 13, 2019, there are 110 organizations in 20 countries acting as CNAs. The USA leads the way with 67:

Australia: 1

Austria: 1

Belgium: 1

Canada: 2

China: 9

France: 1

Germany: 6

India: 1

Ireland: 1

Israel: 1

Japan: 3

Netherlands: 2

Philippines: 1

Romania: 1

Russia: 2

South Korea: 2

Switzerland: 1

Taiwan: 3

UK: 2

USA: 67

SecAlerts isn't a CNA but alerts you to CVEs as soon as they are published (sometimes vendors delay releasing CVEs). Enter your software stack and receive a free weekly report with a round-up of CVEs (& security news) unique to your stack: www.secalerts.co

Other terms concisely explained:

What is a CVE?

What is a CVE ID?

What is a vulnerability?

What is a CVSS?

What is a zero-day?

What is a bug bounty program?
