Keeper Security Now a CVE Numbering Authority
Keeper Security, the industry leader in password and passkey management, secrets management, secure remote access, encrypted messaging and privileged access management, announced today it has been authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Keeper is the first password management company to join this global effort to identify, define and catalogue publicly disclosed cybersecurity vulnerabilities.
As a CNA, Keeper has the ability to directly assign CVE IDs and publish CVE records for vulnerabilities discovered in its own source code and vulnerabilities in third-party software discovered by the Keeper team that are not in another CNA’s scope. Keeper can then publish that information via the CVE List, which information technology and cybersecurity professionals around the world use to coordinate their efforts to prioritize and address the vulnerabilities.
“Becoming a CNA partner highlights our ongoing commitment to the responsible disclosure of potential security issues,” said Craig Lurey, CTO and Co-Founder of Keeper Security. “Our mission is to provide the world’s most secure and innovative cybersecurity software, and we believe that programs like CVE are a vital component to ensuring the security of all digital products and services people rely on.”
CVE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). CISA uses the CVE List to compile its Known Exploited Vulnerability Catalog, which organisations use to prioritise remediation of listed vulnerabilities, reducing the likelihood of compromise by known threat actors. The CVE list also feeds into the National Institute of Standards and Technology (NIST) U.S. National Vulnerability Database, which is the government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol.
Keeper Security is committed to the industry’s best practice of responsible disclosure of potential security issues. Keeper takes the security and privacy of its customers seriously and is committed to protecting their personal data. Keeping users secure is core to Keeper’s values as an organisation. Keeper values the input of good-faith researchers and believes that an ongoing relationship with the cybersecurity community helps ensure user security and privacy and makes the Internet a more secure place overall. This includes encouraging responsible security testing and disclosure of security vulnerabilities.
Keeper performs quarterly application penetration testing on all of its products and systems with 3rd party penetration testers, including NCC Group and Cybertest. These include red-team style penetration tests of both internal and externally exposed systems with full source code access. Keeper has also partnered with Bugcrowd to manage its bug bounty and Vulnerability Disclosure Program (VDP), which rewards ethical hackers for successfully discovering and reporting vulnerabilities, leveraging the hacker community to continuously uphold Keeper’s high-security standards.