Skip to main content

Contact UsContact Us

HIRT-PUB22001 : CVE Numbering Authority (CNA)

Last Update: July 05, 2022

As of June 7, 2022, HIRT (Hitachi Incident Response Team) has become a CVE Numbering Authority (CNA). As a CNA, HIRT will assign CVE IDs and publish CVE Records for vulnerabilities found in Hitachi products.

For Hitachi products reported with vulnerabilities, we will assign CVE IDs and disclose them in a timely manner to protect the security and safety of our products and customers.

1. About CVE

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.

A CVE Identifier (CVE ID) is "A unique, alphanumeric identifier assigned by the CVE Program. Each identifier references a specific vulnerability. A CVE ID enables automation and multiple parties to discuss, share, and correlate information about a specific vulnerability, knowing they are referring to the same thing."

A CVE Record is "The descriptive data about a vulnerability associated with a CVE ID, provided by a CNA. This data is provided in multiple human and machine-readable formats."

A CVE Numbering Authority (CNA) is "An organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record. Each CNA has a specific Scope of responsibility for vulnerability identification and publishing."

2. Hitachi Activities

HIRT, Hitachi Energy PSIRT Team and Hitachi Vantara product team are active as CNAs.

3. References

4. Update history

July 05, 2022
  • Add: HitachiVantara
June 07, 2022
  • This webpage was newly created and published.

Masato Terada (HIRT) and Naoko Ohnishi (HIRT)