Information Security

WhiteSource Recognized with Elite Provider Ranking by NVD

WhiteSource achieves elite ranking in the NVD’s Collaborative Vulnerability Metadata Acceptance Process (CVMAP) program for the Common Vulnerability Scoring System v3.1 (CVSS v3.1) and Common Weakness Enumeration (CWE). WhiteSource is one of three companies to hold this prestigious level for CVSS v3.1, alongside software giants Oracle and Microsoft.

WhiteSource, a leader in open source security and management, today announced that it has been recognized at the Provider Acceptance Level for NIST’s National Vulnerability Database (NVD). The NVD is the largest and most comprehensive repository of reported known vulnerabilities, both in commercial and open source components. 

The NVD’s Collaborative Vulnerability Metadata Acceptance Process (CVMAP) program recognizes the superior accuracy of information that WhiteSource has contributed relative to assessments of Common Vulnerability Scoring System v3.1 (CVSS v3.1) and Common Weakness Enumeration (CWE). 

With 89 CVSS v3.1 participants, WhiteSource is one of only three to be recognized with the Provider Acceptance Level, alongside software giants Oracle and Microsoft. 

WhiteSource is the only company in the world with Provider Acceptance Level for both CVSS v3.1 and CWE. “This recognition of WhiteSource’s security analysis expertise reaffirms the community’s trust in our knowledge and reasserts our leading position at the forefront of application security technology,” said Rami Sass, Co-Founder, and CEO of WhiteSource. “As the impact of the latest vulnerabilities found in the popular Java logging framework Log4j demonstrates, the work we do with the NVD to protect organizations from malicious activity becomes even more critical. WhiteSource is proud to be recognized as a leading data provider.”

The NVD’s CVMAP program has established a set of acceptance levels that CVE Numbering Authorities (CNAs) such as WhiteSource can achieve, based on the data they provide through the Common Vulnerabilities and Exposures list (CVE). CNAs are entities authorized by NIST to assign CVE IDs to vulnerabilities and publish CVE Records. Separate acceptance levels are assigned for each submission category, such as CVSS v3.1 and CWE. As CNAs provide submission category data and NVD analysts provide analysis results, the CNA data is compared against the NVD analyst data. As the CNA and NVD data align, the acceptance level of the CNA for that submission category increases. 

Once an entity has been granted Provider Acceptance Level status, the data that they submit to the NVD is considered to be the same as data generated by NVD analysts and is immediately placed into the NVD data feeds. Providers are considered the leading contributors to the NVD. The CVMAP program maintains consistent practices across the information security community when providing standards and text-based information, alleviating the strain caused by the growing volume of CVE publications on NVD staff, and continuing to retain the quality of information for all consumers of CVE data.

For more such updates and perspectives around Digital Innovation, IoT, Data Infrastructure, AI & Cybersecurity, go to AI-Techpark.com.

Related posts

Open Raven Launches Managed Service for Data Security

Business Wire

Redspin Selected for DoD’s Cybersecurity Maturity Model

Business Wire

Echoworx & Saepio Information Security to Deliver Next-Gen Encryption

Business Wire