June 2, 2021 – BD (Becton, Dickinson and Company) (Franklin Lakes, NJ) announced it has become the first medical technology company authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority by the CVE Program.
As a CVE Numbering Authority (CNA), BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products. This includes using the Common Weakness Enumeration (CWE) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity.
The purpose of the CVE Program is to bolster international cybersecurity defense by cataloguing publicly disclosed cybersecurity vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE Corporation.
“The CVE Program is the de facto international standard for vulnerability identification and naming,” said CVE Board Member Chris Levendis. “Being authorized as a CVE Numbering Authority demonstrates mature vulnerability management practices and a strong commitment to cybersecurity. By making accurate and timely vulnerability information available, CNAs like BD help their customers streamline early-stage vulnerability management.”