+++
title = "openEuler Becomes a Member of the CNA Program"
date = "2020-06-24"
tags = ["CVE", "CNA", "Security"]
archives = "2020-06-24"
author = "liujingang09, openEuler Security Committee"
summary = "openEuler Becomes a Member of the CNA Program"
+++

### openEuler Becomes a Member of the CNA Program

The openEuler community attaches great importance to the security of its community releases. To respond to and handle security issues related to openEuler quickly, the community has developed a complete vulnerability management policy. On June 24, 2020, openEuler joined the CVE Numbering Authority (CNA) Program. openEuler is now entitled to assign and manage CVEs related to the openEuler community. By joining the CNA Program, openEuler applies mature, industry-standard vulnerability management practices to strengthen the community's cyber security.

The security committee of the openEuler community is responsible for building the community's security engineering and improving its vulnerability response capabilities. We hope that security experts and enthusiasts who are interested in openEuler will join us to enhance the security of the openEuler community.

#### Vulnerability management policy:
https://openeuler.org/en/security.html

#### What is CVE?
+ CVE is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. 
+ The CVE IDs assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. 
+ The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Entry added to the list is assigned by a CNA.
+ The CVE List feeds the U.S. National Vulnerability Database (NVD).

#### CVE Value:
+ CVE enables two or more people or tools to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings. 

#### CVE is Community Driven:
+ The CVE Program relies on the community (vendors, end users, researchers, and more) to discover and register vulnerabilities.
+ CVE IDs are assigned by CVE Numbering Authorities (CNAs), which are operated on a voluntary basis by participating organizations.
+ The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world.
+ CVE Working Groups develop the program’s policies (approved by the CVE Board) and are open to the community.

#### Sponsored by:
+ [The CVE Program](https://cve.mitre.org/) is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA, [https://www.cisa.gov/](https://www.cisa.gov/)) of the U.S. Department of Homeland Security (DHS) and is operated by [the MITRE Corporation](https://www.mitre.org/) in close collaboration with international industry, academic, and government stakeholders.

#### What are CNAs (CVE Numbering Authorities)?
+ CNAs are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope.