Yokogawa Speeds up the Disclosure of Cybersecurity Vulnerability Information by Joining the CVE Numbering Authority

Yokogawa has joined the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). As of October 24, 2023 (USA), the company is authorized to assign CVE IDs to cybersecurity vulnerabilities for Yokogawa Group companies' products and Yokogawa Group subsidiaries' products.

  • November 3, 2023
  • 707 views
  • Yokogawa Speeds up the Disclosure of Cybersecurity Vulnerability Information by Joining the CVE Numbering Authority
    Yokogawa Speeds up the Disclosure of Cybersecurity Vulnerability Information by Joining the CVE Numbering Authority

Yokogawa provides cybersecurity support over the entire lifecycle of its control systems, from system design and development to construction and operation. In 2008, the company established a Security Competence Laboratory in Singapore to research and stay up to date on the latest advances in IT security technology, and it went on to open similar laboratories in Tokyo, India, and the U.S. In 2014, the company started collecting information on Yokogawa product vulnerabilities and countermeasures and began disclosing this information in Yokogawa Security Advisory Reports. In accordance with the CVE Program’s mission of identifying, defining, cataloging, and publicly disclosing vulnerabilities, Yokogawa included CVE IDs in the Yokogawa Security Advisory Reports. Now, as a CNA, Yokogawa does not need to request and wait for the issuance of a CVE ID, and can therefore quickly disclose information on cybersecurity vulnerabilities. Yokogawa remains vigilant in its efforts to reduce cybersecurity risks with its products. When a vulnerability is found, the company will act as prescribed in the Yokogawa Group Vulnerability Handling Policy and provide whatever support is needed to ensure the security of its customers’ assets.

About CVE:

The mission of the CVE® Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.