Payara Boosts Cybersecurity Credentials as CVE Numbering Authority
Originally published on 02 Jun 2023
Last updated on 02 Jun 2023

Payara, a leading provider of Jakarta EE and MicroProfile runtimes, has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
Payara can now publish authoritative cybersecurity vulnerability information about its products via the CVE Program. Vulnerabilities will be given a unique, alphanumeric identifier, building the CVE List that feeds into the U.S. National Vulnerability Database (NVD), and playing a role in the CVE Program’s mission to identify, define and catalogue cybersecurity vulnerabilities.
The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS).
Developers using Payara products will benefit from the collaboration, as vulnerabilities will be part of the standardized and publicly disclosed CVE List. This will result in time and cost savings for those using Payara products, as security issues can be discussed, dealt with and prevented through use of a trusted, standardized catalogue.
Payara will assign CVE numbers and publish vulnerability information for all its open-source products, with Payara Enterprise customers able to request immediate fixes on demand.
Service Manager and Senior Engineer at Payara, Fabio Turizo, said:
“Becoming a CVE Numbering Authority creates an extra level of dependability for those using our products and continues our commitment in adhering to and maintaining the best possible security standards. A key benefit is peace of mind when developing your mission critical Jakarta EE applications. As a CVE Numbering Authority, we ensure that when problems do occur, they can be quickly identified and a solution found, with ease of communication and total transparency.
This adds to the growing list of security measures we offer, including security fixes and patches, and tools to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.”
A global open source company, Payara creates innovative infrastructure software. This includes Payara Server Enterprise, an easy-to-use Jakarta EE and MicroProfile runtime which supports mission-critical production systems with secure deployments, and Payara Cloud, an all-in-one fully automated Jakarta EE deployment PaaS solution that eliminates the need for application servers and knowledge of Docker and Kubernetes.
Related Posts
Jakarta EE 11 is Here - And It's Ready for the Cloud!
Published on 26 Jun 2025
by Dominika Tasarz
0 Comments
Earlier today, the Eclipse Foundation together with its vendor members, partners and community has announced the release of Jakarta EE 11, the latest version of its enterprise Java platform. Building on the Core Profile (Dec 2024) and Web ...
Spring, Quarkus & Jakarta EE - Join Payara Qube Launch at the Virtual Payara Conference
Published on 23 Jun 2025
by Dominika Tasarz
0 Comments
Last week, we announced the new edition of the Virtual Payara Conference, going live on Tuesday the 8th of July (REGISTER HERE), where we'll help you discover some practical strategies for your Java journey.
If you're looking to cut ...