Wind River®, a global leader in delivering software for mission-critical intelligent systems, today announced that it has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Wind River now joins the mission of the CVE Program to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

“As industries transform toward a more connected and intelligent world, the threat landscape is rapidly evolving and security continues to be a top concern. Becoming a CVE Numbering Authority will allow Wind River to deliver even higher levels of service to our customers and to further demonstrate our commitment to cybersecurity and vulnerability management,” said Eashwer Srinivasan, corporate vice president, Engineering, Wind River.

CVE is an international, community-based effort to discover vulnerabilities. Vulnerabilities are assigned and published to the CVE List, which is built by CNAs. The CVE List also feeds into the National Institute of Standards and Technology (NIST) U.S. National Vulnerability Database (NVD), the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

As a CNA, Wind River can assign CVE IDs to vulnerabilities and publish CVE information about a given vulnerability in the associated CVE Record. Once CVEs are published to the CVE List, information technology and cybersecurity professionals worldwide can use CVE Records to rapidly discover and correlate the information to address vulnerabilities and protect their systems against potential attacks.

The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA). For the benefit of the cybersecurity community and to help every organization better manage vulnerabilities and keep pace with threat activity, CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild — the Known Exploited Vulnerability (KEV) catalog. CISA uses the CVE List to compile KEV.

About Wind River

Wind River is a global leader in delivering software for mission-critical intelligent systems. For more than four decades, the company has been an innovator and pioneer, powering billions of devices and systems that require the highest levels of security, safety, and reliability. Wind River software and expertise are accelerating digital transformation across industries including automotive, aerospace, defense, industrial, medical, and telecommunications. The company offers a comprehensive portfolio supported by world-class global professional services and support and a broad partner ecosystem. To learn more, visit Wind River at www.windriver.com.

Wind River is a trademark or registered trademark of Wind River Systems, Inc., and its affiliates. Other names may be the trademarks of their respective owners.

Jenny Suh Wind River 510-749-2972 jenny.suh@windriver.com