We are delighted to announce that we have become the latest vendor to be authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

This global program aims to identify, define, and catalogue publicly disclosed cyber security vulnerabilities, so that information technology professionals can ensure they are discussing the same issue, and coordinate their efforts to prioritize and address these weaknesses. The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world.

The step to join the programme was taken due to the volume and frequency in which AppCheck are discovering vulnerabilities. Indeed, reports show that cyber crime has risen 600% since the COVID-19 Pandemic.** Recent discoveries include platforms such as Microsoft, and Umbraco, Kentico and WordPress (Content Management Systems that are used by hundreds of millions of websites*). We join the program this year alongside companies such as Samsung Mobile, Sophos and Zoom.

At AppCheck, we undertake research to uncover weaknesses in IT infrastructure and common web applications in order to alert IT professionals across the globe. The CVE Program, which feeds into the U.S. National Vulnerability Database (NVD), allows us to expand our area of impact considerably.

AppCheck Technical Director, Gary O’Leary-Steele, comments:

“Our security team are constantly researching vulnerabilities and we discover so many it was a natural next step for us to join the program and assign our own CVE records. This enables us get these security issues out faster and help businesses all over the world fix these potential gaps in their IT security before malicious hackers have a chance to exploit them.”

With the rollout of GDPR and recent changes in remote working, cyber security has become more important than ever. Some staggering fines have been issued following cyber security breaches and many companies have shifted to allow employees to work remotely, opening further avenues for cyber-attacks. Companies are now in need of as much help as they can get to avoid being hacked and to stay one step ahead of malicious hackers.

At the same time,  companies like ourselves are looking for potential cyber breaches in order to alert the IT community (white hat hacking techniques), ‘black hat’ hackers are looking for the same holes in order to exploit them and steal sensitive data.

Our Head of Development, Graham Bacon comments:

“In a constantly changing security landscape, once a vulnerability exists it becomes a race against time before these issues can be exploited by the wrong person. The faster we can help people to plug these holes, the safer the IT community becomes.”

This move is in line with a period of rapid expansion for AppCheck, as we look to double our Technical Development team across 2021.

We also offer free educational webinars and run free bi-monthly cyber security seminars to help educate other firms on the dangers of poor computer security and the need for a robust cyber security policy. We offer helpful tips on our blog and a free vulnerability assessment to companies across the UK to show their current weakness.

* https://techjury.net/blog/percentage-of-wordpress-websites/#gref

** https://purplesec.us/resources/cyber-security-statistics/