LINE Becomes a CVE Numbering Authority (CNA)
TOKYO — December 4 — LINE Corporation announced today that LINE has become a CVE Numbering Authority (CNA) for the Common Vulnerabilities and Exposures (CVE®) system, a global cybersecurity community. The selection of LINE was made by the JPCERT Coordination Center (JPCERT/CC), Japan’s main Computer Security Incident Response Team.
1. Brief overview
As a CNA, LINE has been authorized to assign CVE Identifiers（CVE IDs）to vulnerabilities within an agreed-upon scope, allowing LINE to help manage those vulnerabilities. Identifying vulnerabilities with CVE IDs can speed up the awareness and understanding of those vulnerabilities, enabling security researchers and system managers to expedite solutions. Going forward, as a CNA, LINE will announce CVE IDs in a timely manner when disclosing any vulnerability we discover, enhancing coverage and cyber security for the industry.
About Common Vulnerabilities and Exposures (CVE) (Quote from CVE website)
"Common Vulnerabilities and Exposures (CVE®) is a list of common identifiers for publicly known cybersecurity vulnerabilities. Use of CVE Entries, which are assigned by CVE Numbering Authorities (CNAs) from around the world, ensures confidence among parties when used to discuss or share information about a unique software or firmware vulnerability, provides a baseline for tool evaluation, and enables automated data exchange."
Common Vulnerabilities and Exposures Website: https://cve.mitre.org/
2. Publishing date
December 4th, 2020
3.Reference: LINE’s actions to combat vulnerabilities
Since June of 2016, LINE has operated a private bug bounty program called ”LINE Security Bug Bounty Program,” rewarding external security researchers for reporting security flaws in our services or webpages to improve the security of the LINE app, our family services, and our webpages.