Jamf named CVE Numbering Authority
Jamf has been authorized by the Common Vulnerabilities and Exposures (CVE) program as a CVE Numbering Authority! Learn more about the CVE program and what this means for Jamf.
The Common Vulnerabilities and Exposures (CVE) program aims to identify, define and catalog publicly-disclosed cybersecurity vulnerabilities. Vulnerabilities are discovered by members of the cybersecurity community and are published to the CVE list for other members to reference. CVEs in the list have standardized information, like the affected vendor, impact and vectors.
The CVE list helps organizations:
- Keep up to date on the latest security threats
- Create action plans to address vulnerabilities in their system
- Collaborate with other cybersecurity professionals while working with consistent information
Vulnerabilities listed in the CVE database are also added to the U.S. National Vulnerability Database (NVD).
CVE numbering authorities
CVE numbering authorities, CNAs, assign CVE IDs and describe and publish information associated with vulnerabilities. CNAs publish CVEs within the scope of their responsibility. CNAs essentially create the CVE list for others to reference.
What this means for Jamf
Jamf can now seamlessly submit and update CVE records to the CVE list within the Jamf product scope, including our products, tools and open-source projects. This way, we can better inform the community about potential issues to help reduce the impact a vulnerability may have.
Have you identified a vulnerability?
If you would like to report a vulnerability you discovered in our products, you can:
- Submit it to the Jamf Vulnerability Disclosure Program
- Contact your Jamf representative or Support
See Jamf on the CVE website.