← Cybersecurity Alphabet Soup

CNA

CVE Numbering Authority

appsechard

A CNA is an organization authorized by the CVE Program to assign CVE identifiers to vulnerabilities in its scope, typically its own products or a research area. Large vendors like Microsoft and Red Hat act as CNAs so they can issue IDs directly when fixing flaws. The system decentralizes vulnerability cataloging so disclosures are not bottlenecked through a single authority.

Sources

More in appsec