PLEASANTON, CALIF.– May 19, 2020 – OpenVPN has long been the de facto standard in the open source networking space — and is now a member of the CVE Numbering Authority (CNA) program. OpenVPN is now stepping up to be more directly involved in assigning and managing CVEs related to all the OpenVPN software projects. By becoming a CNA, OpenVPN joins the world's top technology and cybersecurity organizations in furthering the cybersecurity community.
CVE Numbering Authorities (CNAs) are organizations from around the world authorized to assign CVE IDs to vulnerabilities affecting products within their scope, for inclusion in first-time public announcements of new vulnerabilities. These CVE IDs are then provided to researchers, vulnerability disclosure organizations, and information technology vendors. CVE also feeds the U.S. National Vulnerability Database (NVD).
MITRE launched the CVE List as a community effort in 1999, and since then, only 125 organizations and firms have joined the effort. However, the members of the CNA program are comprised of the world's top technology organizations. And now, OpenVPN is entering the program.
“We have always had an interest in ensuring security issues have been resolved properly. Now we’re stepping up and taking more responsibility. We will work even harder to ensure reports are being processed more diligently and that we follow clear and well-defined processes from the moment we receive a report until the issue has been resolved,” explains David Sommerseth, Core Team Lead at OpenVPN Inc. “By becoming a CNA it is more clear where and how security issues need to be reported, which makes the whole reporting process more predictable and easy to follow.”
OpenVPN Inc. sponsors several OpenVPN related open source projects, all well rooted in GPL licenses. The project has many developers and contributors from OpenVPN Inc. and the broader OpenVPN community. OpenVPN will now have more control over the accuracy of what is reported — leading to a better experience for users.
"Now that OpenVPN is participating as CVE Numbering Authority, we are showing our dedication and involvement in the proper handling of security issues that come up in the OpenVPN software," says Johan Draaisma, Access Server Product Manager at OpenVPN Inc. "We are stepping up as the responsible party for our software and taking charge of dealing with security issues."
We are a provider of next-generation secure and scalable communication services. Our award-winning open source VPN protocol has established itself as a de-facto standard in the open source networking space with over 60 million downloads since inception. OpenVPN has an integrated suite of leading-edge networking and software technologies to deliver secure, reliable, and scalable virtual network software to meet the security needs for businesses of any size.