National Security Authority gains prestigious international status in vulnerability identification

The National Security Authority has been granted CVE Numbering Authority (CNA) status. This will give it greater flexibility in assigning vulnerability identifiers (CVE numbers).

The National Cyber Security Centre SK-CERT will be one of 12 CERTs from around the world to have this status. It will be only the third of its kind in Europe.

The CVE programme includes the identification, definition and cataloguing of discovered vulnerabilities. With this information, experts will be able to communicate effectively, coordinate their priorities and address vulnerabilities.

CVE is an internationally recognized system that builds on the community’s efforts to discover vulnerabilities and, once discovered, assign them a CVE number and publish them in the CVE database.

The CNA status is not only an important step for the National Security Authority, but also for Slovakia. It streamlines the process of coordinated vulnerability reporting and simplifies the assignment of CVE numbers and publication of vulnerabilities. Organisations that operate systems and services, as well as ordinary users, can have access to vulnerability information much faster.

The National Security Authority applied for the status in 2022. However, as recently as 2019, it issued Vulnerability Notification Guidance, which includes rules for coordinated vulnerability notification at the national level. These should be followed by all ethical hackers and researchers who discover and report vulnerabilities to affected entities.

SK-CERT acts as a coordinator on the territory of the Slovak Republic, which means that if an ethical hacker or researcher finds a vulnerability, they can address the notification with SK-CERT. The unit can then coordinate the whole process, deal with the reservation of the CVE number, communication with the affected entity, and oversee compliance with the coordinated vulnerability notification rules.

All the necessary information about vulnerability notification, the CVE program and CNA can be found on our website in the Vulnerability Notification section.

« Späť na zoznam