The US Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) has taken over responsibility for assigning Common Vulnerability Enumeration (CVE) identifiers for software vulnerabilities in two specific industries — medical devices and industrial control systems — as part of a planned expansion in the number of organizations managing vulnerability information, according to CISA and government contractor MITRE. CISA, which informs and manages cybersecurity risk for the United States, will become a so-called “root-level CVE Number Authority (CNA),”
Read full article on Dark Reading