ASUS Authorized by the CVE Program as a CVE Numbering Authority (CNA)

TAIPEI, Taiwan, September 18, 2024 — ASUS today announced that it has been authorized by the CVE Program as a CVE Numbering Authority (CNA). The designation marks a new milestone in the company’s dedication to integrating security into its product design while pursuing pioneering innovation across a wide range of products and solutions.  

Common Vulnerabilities and Exposures (CVE) is an international, community-based effort that relies on the community to discover cybersecurity vulnerabilities. The mission of the CVE effort is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. Once discovered, vulnerabilities are assigned and published in the CVE List. Partners also publish CVE Records to communicate consistent descriptions of vulnerabilities. CVE Numbering Authorities (CNAs) are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.  

An increasing number of industry leaders worldwide are recognized by the CVE program. “Cybersecurity is an ongoing battle that requires constant vigilance and a collective effort. At ASUS, we emphasize product security and are dedicated to staying ahead of threats while maintaining the highest standards for our products,” said Robert Chin, ASUS Chief Information Security Officer (CISO), about this significant recognition. “We are honored to be a CVE Numbering Authority, which allows us to assign CVE IDs to vulnerabilities in our products. This reinforces our commitment to top-tier security by ensuring timely identification and resolution of potential threats.” 

ASUS is an industry innovator that takes a proactive approach to integrating security and risk management measures into the development process of its products and solutions. For example, in 2022, as part of its vision of "Building Digital Resilience, Enhancing Brand Trust: Pursuing Excellence with Security in Mind," the company established the ASUS Digital Security Center – a dedicated team that addresses internal and external security issues. It focuses on a variety of aspects of cybersecurity including incident monitoring and response, awareness training and culture cultivation, product security, and supply chain management.   

Going forward, as a partner of the CVE program, ASUS will continue to strengthen the company's security posture, create robust products and solutions for customers, and build a more secure digital world for all.