Chennai firm allowed to validate bugs, software flaw

Cyber Security Works has been named a CVE Numbering Authority

Published - November 30, 2020 01:26 am IST - Chennai

Cyber Security Works (CSW), a firm based out of the IIT Madras Research Park, has been named a CVE Numbering Authority.

This means CSW researchers can help validate any new bug, software flaw or misconfiguration discovered in a software product or language, device or operating system, assign a CVE (Common Vulnerabilities and Exposures) ID to the bug and present it to MITRE, which will then feed into the National Vulnerability Database (NVD).

“Maintaining a universal database of this sort helps software teams, developers and security experts refer to the vulnerability at one centralised place and saves significant time and costs,” said Ram Movva, president and co-founder of CSW. CSW is the second Indian company to be recognised as a CVE Numbering Authority. India has a vibrant ethical hacking community. Today, most of these hackers go to U.S.-based sites to disclose vulnerabilities.

“We have a team of researchers and ethical hackers who have discovered 45-plus zero days (new bugs and vulnerabilities) in popular products,” Mr. Movva said.

“The process of discovering a vulnerability involves consistent follow-up with the vendor of the product. We wait for 90-plus days for the vendor to fix the vulnerability or give them time to release a patch or an advisory for the said vulnerability, after which we go public with the discovery of the new bug,” he added.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.