Seal Security, a leading provider of open source vulnerability and patch management solutions, has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).
As a CNA, Seal Security will collaborate closely with open source communities to enhance security awareness by responsibly vetting, documenting, and disclosing vulnerabilities through the creation and assignment of CVE Records. These records are then published to the CVE List, a centralized database that serves as a critical resource for cybersecurity professionals worldwide.
By leveraging CVE Records, security teams can quickly identify, assess, and mitigate potential threats, thereby strengthening their organizations' overall security posture against emerging cyber risks.
"Becoming an authorized CVE Numbering Authority reinforces Seal Security's commitment to helping organizations maintain robust security," said Itamar Sher, CEO of Seal Security. "Beyond publishing CVE Records to provide consistent descriptions of vulnerabilities, we aim to help organizations secure these open source vulnerabilities, positively impact the open source security community, and ultimately keep our customers safe, secure, and productive."
In addition to creating and assigning CVE Records, Seal Security proactively leverages the CVE List to identify and remediate open source vulnerabilities. By providing standalone security patches, we ensure seamless and predictable fixes for vulnerabilities in both application code and images.
Currently, Seal Security's repository offers over 300 cryptographically signed, sealed packages with 2,500+ unique patches across seven programming languages: Python, Go, C# (.Net), JavaScript, Java, C, and C++. The solution also supports patching base container and virtual machine images based on RHEL, CentOS, and Fedora.
About the CVE Program
The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
Organizations are increasingly relying on open source software (OSS) to accelerate development and innovation. However, with great power comes great responsibility – and in this case, significant security risks. Enter the curated OSS catalog, a solution that ensures secure-by-default OSS usage. Let’s explore what a curated OSS catalog is and who stands to benefit from it.
Seal Security is excited to announce it’ll join Snyk’s Technology Alliance Partner Program to provide a seamless integration and product experience for Snyk customers who want to streamline their open source vulnerability patching efforts using Seal’s solution.
This blog post explores the complexities of dependency management, unveiling why the constant update treadmill might not be the most efficient approach. We'll delve into the challenges developers face and propose alternative strategies for a more balanced and secure open source ecosystem.
On November 1st, 2023, the DFS released the 2nd amendment to 23 NYCRR 500. Financial organizations operating in New York are required to update their vulnerability management programs in order to comply with the updated regulation.
Open source software has become an integral part of modern application development, enabling developers to accelerate their projects by leveraging pre-existing libraries and frameworks. Open source offers numerous benefits, yet it's not without its challenges.
As we approach the EOL, it's crucial to understand the current status of vulnerabilities in CentOS 7. The official docker container of CentOS 7 has 1 critical rated vulnerability, 13 high rated vulnerabilities, and 36 medium and low rated vulnerabilities. Even after installing all the available updates, we are still left with 2 highly rated and 17 medium and low vulnerabilities.
In today's interconnected world, software vulnerabilities pose a significant threat to organizations of all sizes. To address these risks, companies typically rely on timely updates and patches for third-party libraries. However, a new challenge has emerged in the form of protestware – software intentionally manipulated to convey messages, potentially causing unintended consequences or harm.