Payara, a leading provider of Jakarta EE and MicroProfile runtimes, has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).
Payara can now publish authoritative cybersecurity vulnerability information about its products via the CVE Program. Vulnerabilities will be given a unique, alphanumeric identifier, building the CVE List that feeds into the U.S. National Vulnerability Database (NVD), and playing a role in the CVE Program’s mission to identify, define and catalogue cybersecurity vulnerabilities.
The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS).
Developers using Payara products will benefit from the collaboration, as vulnerabilities will be part of the standardized and publicly disclosed CVE List. This will result in time and cost savings for those using Payara products, as security issues can be discussed, dealt with and prevented through use of a trusted, standardized catalogue.
Payara will assign CVE numbers and publish vulnerability information for all its open-source products, with Payara Enterprise customers able to request immediate fixes on demand.
Service Manager and Senior Engineer at Payara, Fabio Turizo, said:
“Becoming a CVE Numbering Authority creates an extra level of dependability for those using our products and continues our commitment in adhering to and maintaining the best possible security standards. A key benefit is peace of mind when developing your mission critical Jakarta EE applications. As a CVE Numbering Authority, we ensure that when problems do occur, they can be quickly identified and a solution found, with ease of communication and total transparency.
This adds to the growing list of security measures we offer, including security fixes and patches, and tools to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.”
A global open source company, Payara creates innovative infrastructure software. This includes Payara Server Enterprise, an easy-to-use Jakarta EE and MicroProfile runtime which supports mission-critical production systems with secure deployments, and Payara Cloud, an all-in-one fully automated Jakarta EE deployment PaaS solution that eliminates the need for application servers and knowledge of Docker and Kubernetes.