Colleagues, The following announcement was posted on the CVE Blog<https://www.cve.org/Media/News/item/blog/2022/01/25/CVE-Program-Expands-Partnership-with> as well as shared on CVE's Twitter<https://twitter.com/CVEannounce/status/1486083819610460160?cxt=HHwWgMCy5YfX0J8pAAAA>, LinkedIn<https://www.linkedin.com/feed/update/urn:li:activity:6891869274122588160>, and Medium<https://medium.com/@cve_program/cve-program-expands-partnership-with-google-dd5318edfc59> social media channels:
CVE Program Expands Partnership with Red Hat The CVE(r) Program<https://www.cve.org/> is expanding its partnership with Red Hat, Inc.<https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat> for managing the assignment of CVE Identifiers (CVE IDs)<https://www.cve.org/ResourcesSupport/Glossary?activeTerm=glossaryCVEID> for the CVE Program for open source. Red Hat is now designated as a Root<https://www.cve.org/ResourcesSupport/Glossary?activeTerm=glossaryRoot> for any open-source organizations that choose Red Hat as their Root. However, organizations are free to choose another Root if it suits them better. As a Root, Red Hat is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the CVE Numbering Authorities (CNAs)<https://www.cve.org/ProgramOrganization/CNAs> under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope. A CNA is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record<https://www.cve.org/ResourcesSupport/Glossary?activeTerm=glossaryRecord>. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. Currently, Google<https://www.cve.org/PartnerInformation/ListofPartners/partner/Google>, JPCERT/CC<https://www.cve.org/PartnerInformation/ListofPartners/partner/jpcert>, Red Hat<https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat>, and Spanish National Cybersecurity Institute (INCIBE)<https://www.cve.org/PartnerInformation/ListofPartners/partner/INCIBE> are Roots under the MITRE Top-Level Root<https://www.cve.org/PartnerInformation/ListofPartners/partner/mitre>. There are currently 237 organizations from 35 countries actively participating in the CVE Program. Red Hat's Root designation consolidates Red Hat as the key agent of information exchange among open-source organizations and projects participating as CNAs, thereby ensuring that all parties will work together to expedite the assignment of CVE IDs and publication of CVE Records and help improve cybersecurity worldwide. Respectfully, CVE Program Secretariat cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org> [A picture containing text, clipart Description automatically generated]