Orange Cyberdefense Becomes CVE Numbering Authority in Global Cybersecurity Program

This authorization enables Orange Cyberdefense to assign CVE Identifiers (CVE IDs) to security vulnerabilities affecting Orange Cyberdefense’s products, as well as vulnerabilities impacting third-party products—whether discovered by its teams or by external security researchers. It marks a major milestone in strengthening Orange Cyberdefense’s role within the global cybersecurity ecosystem.

A key role in vulnerability identification and disclosure

As a CNA, Orange Cyberdefense is now authorized to:

• assign CVE IDs independently (within its scope);
• publish standardized information about vulnerabilities;
• accelerate coordinated disclosure processes;
• contribute to better visibility of risks for its clients and partners.

“obtaining CNA status is a recognition of our teams’ technical expertise and our ongoing commitment to open and collaborative cybersecurity at the European level. It allows us to contribute even more to protecting our clients’ digital ecosystems.”

– Hugues Foulon, CEO, Orange Cyberdefense

An active contribution to the global cybersecurity ecosystem

The CVE Program is an international initiative supported by a broad community of public and private sector actors. By partnering with the CVE Program as a CNA, Orange Cyberdefense can now enrich the CVE List and participate in a dynamic of international cooperation aimed at improving the identification, classification, and sharing of vulnerability information.

This authorization aligns with Orange Cyberdefense’s overall strategy to:

• anticipate threats and strengthen organizational resilience;
• support security research and responsible disclosure;
• develop advanced detection and incident response capabilities.