YesWeHack authorised as a CVE Numbering Authority (CNA)

September 23, 2025

YesWeHack, the global Bug Bounty and Vulnerability Management Platform, has been authorised as a CVE Numbering Authority (CNA) by the CVE Program.

This means YesWeHack can now assign CVE IDs to vulnerabilities and publish information about the vulnerability in the associated CVE Record.

The mission of the Common Vulnerabilities and Exposures (CVE™) Program is to identify, define and catalogue publicly disclosed cybersecurity vulnerabilities, which are discovered by security researchers and others in the cybersecurity community.

CVEs provide a common reference point for vulnerabilities and relevant, actionable details presented in a consistent format. This equips security professionals and organisations to correlate CVE data with suspected vulnerabilities within their own context, and to coordinate resources to efficiently understand, prioritise and remediate vulnerabilities.

Guillaume Vassault-Houlière, CEO and co-founder of YesWeHack, said:

“We’re honoured to become a CVE Numbering Authority and to play this important role in securing the digital ecosystem. Being entrusted with this responsibility attests to our pedigree and proven processes for managing vulnerabilities.

“By designating CVE IDs and managing CVE Records for certain vulnerabilities discovered through our Bug Bounty Programs, we hope to eliminate hassle for our affected customers and streamline the coordination, remediation and attribution of vulnerabilities.”

About YesWeHack

YesWeHack is a leading Bug Bounty and Vulnerability Management Platform. Founded by ethical hackers in 2015, YesWeHack connects organisations worldwide with more than 100,000 ethical hackers who uncover vulnerabilities in websites, mobile apps, connected devices and digital infrastructure.

The YesWeHack platform offers a range of integrated, API-based solutions: Bug Bounty (crowdsourcing vulnerability discovery); Vulnerability Disclosure Policy (creating and managing a secure channel for external vulnerability reporting); Pentest Management (managing pentest reports from all sources); Attack Surface Management (continuously mapping online exposure and detecting attack vectors); and ‘Dojo’ (ethical hacking training).

YesWeHack complies with strict security, financial traceability and privacy requirements. YesWeHack’s services are ISO 27001- and ISO 27017-certified and accredited by CREST. YesWeHack’s infrastructure uses EU-based, GDPR-compliant private hosting that meets the most stringent standards: ISO 27001, ISO 27017, ISO 27018, ISO 27701 and SOC II Type 2. The YesWeHack platform is also permanently subject to a public Bug Bounty Program.

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.