Axis Communications, a market leader in network video surveillance has been approved as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA) for Axis products, authorizing our company to assign and publish CVE IDs to vulnerabilities in our products. The CVE Program relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.
This will supersede Axis’ current owned ACV-numbering method (Axis critical vulnerability) to ensure vulnerability management according to industry standard practices. Customers will be able to make use of vulnerability notification services that the CVE Program offers in order to be able to quickly implement security hardening methods on Axis products and solutions.
The CVE program is well-established and many of the network security scanning tools use the CVE list as the library for their scanners. It allows companies to communicate consistent descriptions of vulnerabilities to help coordinate security efforts. This status will enable Axis to assign CVE identifiers to vulnerabilities within their own products and firmware and notify end customers of a vulnerability via their device or network scanning tool. Standardising this process further establishes Axis as a security authority.
Sebastian Hultqvist, Global Product Manager at Axis Communications commented, “Being recognised as a CNA is a testament to our ongoing work and underscores Axis’ vulnerability management and security best practices. The security of our products and solutions is always a key priority and we’re committed to working with both CVE Program and our customers to ensure that the problem-solving process for security risks is as quick and straightforward as possible.
“Bad actors won’t wait to exploit existing vulnerabilities to gain access to networks. This CNA appointment enables us to better support our customers in keeping their data safe, improve the transparency of our processes and ultimately increase trust.”
Axis’ ACV-numbering process will now be replaced by CVEs. These can be tracked in the MITRE database and further information can be found on Axis’ product security page.
CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, for inclusion in first-time public announcements of new vulnerabilities. Each CNA has a specific Scope of responsibility for vulnerability identification and publishing. CNAs are the main method for requesting a CVE ID.
CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published to the CVE List.
About the CVE Program
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
Axis enables a smarter and safer world by creating solutions for improving security and business performance. As a network technology company and industry leader, Axis offers solutions in video surveillance, access control, intercom, and audio systems. They are enhanced by intelligent analytics applications and supported by high-quality training.
Axis has around 4,000 dedicated employees in over 50 countries and collaborates with technology and system integration partners worldwide to deliver customer solutions. Axis was founded in 1984, and the headquarters are in Lund, Sweden.