Skip navigation

Ericsson authorized as CVE Numbering Authority

Ericsson (NASDAQ: ERIC) has been authorized as a CVE Numbering Authority (CNA) by the Common Vulnerabilities and Exposures (CVE) Program. 

Jan 31, 2024
CVE logo

The prominent designation allows Ericsson to identify and catalog publicly disclosed software system weaknesses - known as vulnerabilities - and contribute to the global effort to improve cybersecurity and strengthen digital resilience. CNAs are organizations authorized to assign CVE identifiers to vulnerabilities affecting products and solutions within their specified scope.

The CVE Program is a community-driven initiative that relies on partnerships with organizations worldwide, including industry, academic and government representatives, to discover, define and maintain open data registry of publicly known cybersecurity vulnerabilities (CVE List). CVE is known as the de facto international standard for uniquely identifying vulnerabilities.

CVE IDs, assigned and published by CNAs like Ericsson, are unique identifiers for specific cybersecurity issues, enabling consistent and reliable communication to help provide collaboration among information technology and security professionals. CVE Records published in the catalog empower stakeholders to rapidly identify vulnerabilities, ensuring timely and effective responses to potential security threats.

Mikko Karikytö, Chief Product Security Officer & Head of Product Security at Ericsson says: "Our authorization as a CVE Numbering Authority (CNA) is a proof point in our ongoing commitment to cybersecurity excellence. We are honored to join the CVE community and contribute to addressing cybersecurity vulnerabilities. This is in line with our efforts to provide resilient high-performing secure digital infrastructure and meet demanding requirements."

By becoming a CNA, Ericsson further strengthens its commitment to provide customers with comprehensive and up-to-date information about cybersecurity vulnerabilities, enabling them to respond effectively to potential threats and contribute to their overall cybersecurity posture.

The designation is the latest step in 20 years of Ericsson Product Security efforts to increase the trust and reliability of telecom products. Ericsson Product Security Incident Response Team (PSIRT) has recently published an updated product vulnerability disclosure policy and established a dedicated security bulletin webpage where CVEs assigned by Ericsson will be posted. For further information visit Ericsson PSIRT.