06/16/2021 | Press release | Distributed by Public on 06/15/2021 19:07
TOKYO-Toshiba Corporation (TOKYO: 6502) is authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA)*1, to assign CVE Identifiers (CVE IDs) to software vulnerabilities within the company's scope. This eliminates the need for a third-party to assign a CVE ID, and will allow Toshiba to respond more quickly to vulnerabilities.
CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published to the CVE List. The CVE Program's mission is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
Toshiba joined CVE Program through JPCERT Coordination Center*2, the Root CNA in Japan.
Toshiba established a Product Security Incident Response Team (PSIRT) in 2016, responsible for strengthening the security of products and services, and reducing cyber risk. The company took its next step in October 2017, when it responded to a growing sense of crisis and concern regarding cyberattacks by establishing the Toshiba Cyber Security Center, integrating PSIRT and its Computer Security Incident Response Team (CSIRT). Since then, the post of Toshiba Group Chief Information Security Officer (CISO) has been established, tasked with overseeing and promoting strengthened security governance, and the entire Toshiba Group is working to advance and strengthen cybersecurity.
As an infrastructure services company that supports people in their daily lives, Toshiba is acutely aware of the need to disclose information on any vulnerabilities related to its products and services. As a CNA, the company will assign CVE IDs to any vulnerabilities found in the Group's products or services and publish the information, ensuring that customers can use them safely.
Find out more about Toshiba's cybersecurity on the following websites:
Toshiba Cyber Security