Payara Boosts Cybersecurity Credentials as CVE Numbering Authority
Originally published on 02 Jun 2023
Last updated on 02 Jun 2023
Payara, a leading provider of Jakarta EE and MicroProfile runtimes, has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
Payara can now publish authoritative cybersecurity vulnerability information about its products via the CVE Program. Vulnerabilities will be given a unique, alphanumeric identifier, building the CVE List that feeds into the U.S. National Vulnerability Database (NVD), and playing a role in the CVE Program’s mission to identify, define and catalogue cybersecurity vulnerabilities.
The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS).
Developers using Payara products will benefit from the collaboration, as vulnerabilities will be part of the standardized and publicly disclosed CVE List. This will result in time and cost savings for those using Payara products, as security issues can be discussed, dealt with and prevented through use of a trusted, standardized catalogue.
Payara will assign CVE numbers and publish vulnerability information for all its open-source products, with Payara Enterprise customers able to request immediate fixes on demand.
Service Manager and Senior Engineer at Payara, Fabio Turizo, said:
“Becoming a CVE Numbering Authority creates an extra level of dependability for those using our products and continues our commitment in adhering to and maintaining the best possible security standards. A key benefit is peace of mind when developing your mission critical Jakarta EE applications. As a CVE Numbering Authority, we ensure that when problems do occur, they can be quickly identified and a solution found, with ease of communication and total transparency.
This adds to the growing list of security measures we offer, including security fixes and patches, and tools to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.”
A global open source company, Payara creates innovative infrastructure software. This includes Payara Server Enterprise, an easy-to-use Jakarta EE and MicroProfile runtime which supports mission-critical production systems with secure deployments, and Payara Cloud, an all-in-one fully automated Jakarta EE deployment PaaS solution that eliminates the need for application servers and knowledge of Docker and Kubernetes.
Related Posts
Announcing Virtual Payara Conference - Powering High-Performance Enterprise Java Applications
Published on 24 Oct 2024
by Dominika Tasarz
0 Comments
We're super excited to announce the third edition of the Virtual Payara Conference! This December we will be focusing on Powering High-Performance Enterprise Java Applications.
- Strategic Insight - Wednesday 11th December 2024, 1-6:30pm GMT - ...
Celebrating 25 Years of the CVE Program
Published on 22 Oct 2024
by Chiara Civardi
0 Comments
The Common Vulnerabilities and Exposures (CVE®) Program is celebrating its 25th anniversary today! This marks a major milestone in global cybersecurity. Since 1999, the CVE Program has been critical in helping organizations identify, manage and ...