Hikvision, the world’s leading IoT solutions provider with video as its core technology, has been designated as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA).
Hikvision, the world’s leading IoT solutions provider with video as its core technology, has been designated as a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA). This appointment enables the hi-tech security solutions provider to assign CVE identifiers to flaws reported.
As of 10 February 2018, Hikvision can assign CVE identifiers to vulnerabilities found in its own products and firmware, regardless of whether the issues have been disclosed by Hikvision employees or third-party experts. This is the first step towards vulnerabilities disclosure, verification and solutions release, and the appointment will help speed up the problem-solving process for potential security risks. The announcement is a vote of confidence in Hikvision from within the industry, indicating that the company has gained international recognition not only for the way it handles vulnerabilities and exposures efficiently and effectively, but also for its attitude of being transparent and accountable at all times.
“We are honoured to become a CNA and will keep collaborating with MITRE, to deal with potential security vulnerabilities in a timely and efficient manner,” said Mr. Bin Wang, Chief Officer at Hikvision Network and Information Security Laboratory and Network Security Department. “The CNA appointment will help iron out the creases in the information exchanges between security researchers and security solution providers. This will result in end users enjoying meaningful and security issue.”
“Our support of the cyber security vulnerabilities disclosure practices is driven by our deep-seated commitment to supporting and empowering the commercial and civil communities,” said Mr. Daniel Huang, Hikvision Oceania Managing Director, remarked. “Our goal is twofold: help improve and mature the security practices based on Hikvision solutions provided over the years, and continually keep end-users in the loop, so they can stay informed of the potential risks and have timely solutions to solve those issues.”