SailPoint Authorized as a CVE Numbering Authority (CNA) 

As part of SailPoint’s ongoing commitment to the security of its products and services and to further promote transparency in the protection of its offerings, SailPoint has been authorized by the CVE Program as a CVE Numbering Authority (CNA), which enables SailPoint to assign CVEs to vulnerabilities identified in its offerings.   

Once a vulnerability in a SailPoint offering has been assigned a CVE, it will be published on SailPoint’s Security Advisories webpage and the CVE official website.  

What are CNAs (CVE Numbering Authorities)  

CNAs are organizations responsible for regularly assigning CVE IDs to vulnerabilities and for creating and publishing information about the Vulnerability in the associated CVE Record.   

What is CVE?  

CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are found, assigned, and published to the CVE List. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue and coordinate their efforts to prioritize and address the vulnerabilities.    

The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.   

The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Record added to the list is assigned by a CNA. The CVE List feeds the U.S. National Vulnerability Database (NVD). 


Discussion