Continues to Develop a Best-in-Class Vulnerability Management Program

Ivanti, the tech company that breaks down barriers between IT and security so that Everywhere Work can thrive, has been authorized by the CVE Program as a CVE Numbering Authority (CNA). By becoming a CNA, Ivanti is fulfilling commitments it made to provide improvements to its security operating model, including elevating the vulnerability management program.

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. As a CNA partner, Ivanti can assign CVEs for security issues found in its own software products. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate efforts to prioritize and address vulnerabilities.

“This is the next step in elevating our vulnerability management program to be "best-in-class" and further execution on our CISA Secure by Design pledge. Finding, fixing and disclosing vulnerabilities in a responsible and transparent way is a positive attribute of any software vendor,” said Daniel Spicer, Chief Security Officer at Ivanti. “Security is a shared responsibility between software vendors and their customers, and by becoming a CVE Numbering Authority we are enabling a greater measure of accountability for our organization and demonstrating our commitment to continuous improvement and transparency.”

Ivanti is dedicated to ensuring the security and integrity of our enterprise software products. We recognize the vital role that security researchers, ethical hackers, and the broader security community play in identifying and reporting vulnerabilities. Visit HERE to learn more about our Vulnerability Disclosure Policy.

About Ivanti

Ivanti breaks down barriers between IT and security so that Everywhere Work can thrive. Ivanti has created the first purpose-built technology platform for CIOs and CISOs – giving IT and security teams comprehensive software solutions that scale with their organizations’ needs to enable, secure and elevate employees' experiences. The Ivanti platform is powered by Ivanti Neurons - a cloud-scale, intelligent hyperautomation layer that enables proactive healing, user-friendly security across the organization, and provides an employee experience that delights users. Over 40,000 customers, including 85 of the Fortune 100, have chosen Ivanti to meet challenges head-on with its end-to-end solutions. At Ivanti, we strive to create an environment where all perspectives are heard, respected and valued and are committed to a more sustainable future for our customers, partners, employees and the planet. For more information, visit www.ivanti.com and follow @GoIvanti.

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

press@ivanti.com