Project Black is pleased to announce that we have been authorised by the CVE Program as a CVE Numbering Authority (CNA).

This means Project Black can assign CVE IDs to vulnerabilities and publish information about the vulnerability in the associated CVE Record.

As an organisation that routinely performs security research, becoming a CNA ensures that we can reduce disclosure delays and thereby improve security transparency for the wider community.

About the CVE Program  

The mission of the Common Vulnerabilities and Exposures (CVE™) Program is to identify, define, and catalogue publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organisations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritise and address the vulnerabilities.