Axis Communications approved as CVE Numbering Authority (CNA)

Press release
May 26, 2021 - Lund, Sweden
Axis Communications, a market leader in network video surveillance has been approved as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA) for Axis products, authorizing our company to assign and publish CVE IDs to vulnerabilities in our products.  The CVE Program relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.

This will supersede Axis’ current owned ACV-numbering method (Axis critical vulnerability) to ensure vulnerability management according to industry standard practices. Customers will be able to make use of vulnerability notification services that the CVE Program offers in order to be able to quickly implement security hardening methods on Axis products and solutions.

The CVE program is well-established and many of the network security scanning tools use the CVE list as the library for their scanners. It allows companies to communicate consistent descriptions of vulnerabilities to help coordinate security efforts. This status will enable Axis to assign CVE identifiers to vulnerabilities within their own products and firmware and notify end customers of a vulnerability via their device or network scanning tool. Standardising this process further establishes Axis as a security authority.

Sebastian Hultqvist, Global Product Manager at Axis Communications commented, “Being recognised as a CNA is a testament to our ongoing work and underscores Axis’ vulnerability management and security best practices. The security of our products and solutions is always a key priority and we’re committed to working with both CVE Program and our customers to ensure that the problem-solving process for security risks is as quick and straightforward as possible.

“Bad actors won’t wait to exploit existing vulnerabilities to gain access to networks. This CNA appointment enables us to better support our customers in keeping their data safe, improve the transparency of our processes and ultimately increase trust.”

Axis’ ACV-numbering process will now be replaced by CVEs. These can be tracked in the MITRE database and further information can be found on Axis’ product security page.

 CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, for inclusion in first-time public announcements of new vulnerabilities. Each CNA has a specific Scope of responsibility for vulnerability identification and publishing. CNAs are the main method for requesting a CVE ID.

CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published to the CVE List

 

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

Madeleine Eibrand
For further information, please contact: Madeleine Eibrand, Communications Specialist, Axis Communications
Phone: +46 46 272 18 00
More about

About Axis Communications

Axis enables a smarter and safer world by creating network solutions that provide insights for improving security and new ways of doing business. As the industry leader in network video, Axis offers products and services for video surveillance and analytics, access control, intercom and audio systems. Axis has more than 3,8​00 dedicated employees in over 50 countries and collaborates with partners worldwide to deliver customer solutions. Axis was founded in 1984 and has its headquarters in Lund, Sweden. For more information about Axis, please visit our website www.axis.com.