JFrog Ltd. (NASDAQ: FROG), the Liquid Software company and creators of the JFrog DevOps Platform, today announced it has been designated by the CVE Program as a CVE Numbering Authority (CNA). With this certification, JFrog joins an elite group of public and private sector organizations authorized to assign CVE identification numbers to newly discovered security vulnerabilities and publish related details in associated CVE Records for public consumption. This designation allows JFrog to collaborate with the global security community to accelerate threat detection, while providing its customers with the latest vulnerability information and differentiated remediation data via JFrog Xray.
“Becoming a CNA will not only allow us to help security researchers verify and triage their vulnerabilities but also help keep companies’ binaries more secure by collaborating on potential threats with the wider security community,” said Moran Ashkenazi, CISO and VP of Security Engineering, JFrog. “The number of security risks in software and connected devices continues to grow. As a CNA we’re empowered to work with the community to accelerate threat detection and share information on new vulnerabilities fast—before they compromise businesses.”
Cybersecurity and IT professionals worldwide use CVE records to identify, prioritize, and coordinate their efforts for addressing critical software vulnerabilities. CVE IDs are assigned by CNAs like JFrog on a voluntary basis. With this certification, JFrog becomes one of the only DevSecOps leaders to join approximately 180 other CNA authorized commercial entities such as Linux, Red Hat, Google, Microsoft, and more as trusted security community contributors.
“As a CNA, we can more effectively and efficiently disseminate the results of our unique research to our customers and the software community in general—for both newly discovered vulnerabilities and existing CVE records that may be inaccurate or incomplete,” said Asaf Karas,JFrog Security CTO “With this achievement, JFrog reinforces its commitment to being an active participant in the security community and providing our customers with scalable, secure, development to edge DevSecOps solutions.”