NCSC may assign CVE numbers for vulnerabilities
The National Cyber Security Center (NCSC) yesterday became part of a global information technology system and is authorized to assign a unique identification number to reported bugs.
Every day, vulnerabilities and susceptibilities in IT systems and applications are discovered and reported worldwide. In order to avoid exploitation of these vulnerabilities as far as possible, their rapid remediation and thus information to operators and manufacturers is of high importance. Each vulnerability, called a Common Vulnerabilities and Exposure (CVE), is therefore assigned a unique CVE identification number. The mission of Mitre's CVE program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
The NCSC has been newly recognized by Mitre as an authorization body and thus for assigning CVE numbers. In this role, the NCSC is responsible for creating and publishing information about vulnerabilities reported to it and the associated CVE entries. The NCSC is thus not only the official point of contact for reporting security vulnerabilities in Switzerland, but also maintains their CVE numbers for international exchange.
Currently, NCSC is expanding vulnerability management and, since March 2021, has been taking via form receives reports of vulnerabilities in information technology systems and applications on its website in order to act as an intermediary in reporting them to the responsible owners. As part of its vulnerability management, the NCSC also recently completed the testing phase of the infrastructure for the Covid certificate and the first Pilot program concerning Bug Bounty closely accompanied in the federal administration.
Source: NCSC
