CERT-In authorized as CVE Numbering Authority (CNA)
Source : PIB
GS III : Economy
What is discussed under CERT-In authorized as CVE Numbering Authority (CNA) ?
- About the Order
- How it helps
- Indian Computer Emergency Response Team ( CERT-In)
Why in News ?
Indian Computer Emergency Response Team ( CERT-In) has been undertaking responsible vulnerability disclosure and coordination for vulnerabilities reported to CERT-In in accordance to its vulnerability coordination role as a National CERT since its inception.
Key Facts
- To move a step further in the direction to strengthen trust in “Make in India” as well as to nurture responsible vulnerability research in the country, CERT-In has partnered with the Common Vulnerabilities and Exposures (CVE) Program.
- In this regard, Indian Computer Emergency Response Team (CERT-In) has been authorized by the CVE Program, as a CVE Numbering Authority (CNA) for vulnerabilities impacting all products designed, developed and manufactured in India.
About CVE
- CVE is an international, community-based effort and relies on the community to discover vulnerabilities.
- The vulnerabilities are discovered then assigned and published to the CVE List.
- Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
- The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
- It is an international, community-based effort and relies on the community to discover vulnerabilities.
- The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program.
- Partners publish CVE Records to communicate consistent descriptions of vulnerabilities.
About CNA
- CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record.
- The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Record added to the list is assigned by a CNA.
- The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
- Each CNA has a specific Scope of responsibility for vulnerability identification and publishing.
About Indian Computer Emergency Response Team ( CERT-In)
- CERT-In is a national nodal agency under Ministry of Electronics and Information Technology, Government of India, with the objective of securing Indian cyber space.
- CERT-In is collaborating with overseas Computer Emergency Response Teams (CERTs) for incident response and resolution.
Daily Current Affairs : Click Here