CHENNAI: Chennai-based Cyber Security Works (CSW) has gained the reputation of being the second Indian company to become a Common Vulnerabilities and Exposure (CVE) naming authority.
So, what does this mean for the organisation? Thousands of bug bounty hunters in India and Asia can come to CSW with their findings and get a CVE ID after validation and earn cash rewards.
The CVE program is sponsored by Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security (DHS) and operated by MITRE corporation. CVE programme is a de facto international standard for identifying and naming cyber security vulnerabilities.
CVE is an international community-based effort to maintain an open registry of bugs and vulnerabilities. New vulnerabilities that are discovered by researchers are assigned an ID by the CVE naming authority. This enables software security teams to identify, validate, and protect the systems against cyber attacks.
Ram Swaroop, president of Cyber Security Works told Express that India has a large number of bug bounty hunters, who have so far worked with platforms like Hackerone to publish their research. Now they can reach out to an Indian company to validate their research and publish their zero days.