Latest News

Bitdefender Appointed CVE Numbering Authority in MITRE Partnership

September 2019

Bitdefender, a global cybersecurity leader protecting over 500 million systems across 150 countries, today announces a partnership with MITRE CVE to better track vulnerabilities reported privately to the vendor and speed up public disclosure.

The agreement makes Bitdefender a CVE Numbering Authority (CNA), a term describing organizations authorized to assign CVE IDs to vulnerabilities affecting products within their scope. The IDs are used as a reference when a vulnerability is announced to the public for the first time.

Bitdefender is now the primary point of contact for receiving reports of vulnerabilities discovered in its product line. As a CNA, Bitdefender can now assign CVE numbers to security researchers as soon as a reported vulnerability is validated.

“More than two years ago, we started our bug bounty initiative, a program that allows researchers to ethically probe our products and services for vulnerabilities,” said Alexandru Bălan, Chief Security Researcher and Bug Bounty program coordinator at Bitdefender. “These vulnerabilities are prioritized according to their severity and discoverers are awarded money for their work. Under the partnership with MITRE, Bitdefender can now assign CVE numbers for privately reported vulnerabilities and minimize the time from private report to public disclosure.”

About Bitdefender

Bitdefender is a global cybersecurity leader protecting over 500 million systems in more than 150 countries. Since 2001, Bitdefender innovation has consistently delivered award-winning security products and threat intelligence for people, homes, businesses and their devices, networks and cloud services. Today, Bitdefender is also the provider-of-choice, used in over 38% of the world’s security solutions. Recognized by industry, respected by vendors and evangelized by our customers, Bitdefender is the cybersecurity company you can rely on.


The MITRE Corporation currently maintains CVE and this public website, oversees the CNAs and CVE Board, and provides impartial technical guidance throughout the process to ensure CVE serves the public interest. The CVE initiative is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA).