Yesterday, CISA announced a new CVE Partner, OMICRON Electronics. This now makes OMICRON a CVE Numbering Authority under the CISA-ICS Root authority. That means that OMICRON can now assign CVE numbers and publish CVE records for vulnerabilities in its products, either those it detects itself or those reported to it. This also means that OMICRON has established a vulnerability disclosure process and point of contact for vulnerability reporting.
As a practical matter going forward, when OMICRON publishes an advisory (see here for example) their products, the vulnerabilities reported in the advisory that are not 3rd party vulnerability would be expected to have CVE numbers assigned and included in the advisory.
Posts
No comments:
Post a Comment