Cyber Security Works (CSW), a firm based out of the IIT Madras Research Park, has been named a CVE Numbering Authority.
This means CSW researchers can help validate any new bug, software flaw or misconfiguration discovered in a software product or language, device or operating system, assign a CVE (Common Vulnerabilities and Exposures) ID to the bug and present it to MITRE, after which it will feed into the National Vulnerability Database (NVD).
“Maintaining a universal database of this sort helps software teams, developers and security experts refer to the vulnerability at one centralised place and saves significant time and costs,” said Ram Movva, president and co-founder of CSW. CSW is the second Indian company to be recognised as a CVE Numbering Authority. India has a vibrant ethical hacking community. Today, most of these hackers go to U.S.-based sites to disclose vulnerabilities.
“We have a team of researchers and ethical hackers who have discovered 45-plus zero days (new bugs and vulnerabilities) in popular products,” Mr. Movva said.
“The process of discovering a vulnerability involves consistent follow-up with the vendor of the product. We wait for 90-plus days for the vendor to fix the vulnerability or give them time to release a patch or an advisory for the said vulnerability, after which we go public with the discovery of the new bug,” he added.