In the course of the development of the SaaS tool >MEDUSA< we frequently do research on firmware samples. Therefore, we often identify undiscovered vulnerabilities and security gaps, as recent publications and talks have proven.

We reported such vulnerabilities to vendors and requested CVE (Common Vulnerabilities and Exposures) tracking numbers via official ways at MITRE. As we detect a high number of vulnerabilities with firmware emulation, we need a lot of CVE numbers. To accelerate this process for us and for our customers in the future, we have applied to become a CNA (CVE Numbering Authority).

Starting with March, 2023, CyberDanube is an official CNA! We affirm our commitment and leadership in the field of cybersecurity, which is incorporated in our MEDUSA and BCDR products. Not only will this allow us to fully manage the CVE number publication process, but it will also significantly streamline the vulnerability disclosure process and allow us to view locked down information, providing our customers with valuable first-hand vulnerability information to their customer base.

Currently, 281 partners from 36 countries are registered as official CNA. (As of March 2023). CyberDanube is now 1 of only 2 (!) CNAs in Austria, and the first research CNA in this country. We are proud of this remarkable milestone and look forward to working on our cybersecurity tools and uncovering more zero-day vulnerabilities. In the future we will be able to report all findings in a regulated, transparent, quick and efficient way.

See the CVE Program announcement: www.cve.org/Media/News

We are happy to get in touch for further discussions, questions and in particular, interest in the topic!

Contact: office [at] cyberdanube.com