financetom
Technology
financetom
/
Technology
/
VulNow Becomes a CVE Numbering Authority under ENISA Root
News World Market Environment Technology Personal Finance Politics Retail Business Economy Cryptocurrency Forex Stocks Market Commodities
VulNow Becomes a CVE Numbering Authority under ENISA Root
Jun 30, 2026 11:22 PM

AMSTERDAM, July 01, 2026 (GLOBE NEWSWIRE) -- VulNow B.V., a predictive software supply chain risk intelligence platform, today announced its formal appointment as a CVE™ (Common Vulnerabilities and Exposures) Numbering Authority (CNA) under the European Union Agency for Cybersecurity (ENISA) CVE Root. This designation formalizes VulNow's coordinated vulnerability disclosure pipeline, authorizing the company to directly assign CVE identifiers (CVE IDs) to vulnerabilities discovered via its predictive intelligence engine for proprietary products and third-party open source vulnerabilities that are not already covered under the scope of another CNA.

Shifting from Reactive to Predictive Vulnerability Management

Traditional vulnerability management programs face a critical signal problem. VulNow provides PreCVE signal intelligence that standard scanners cannot detect before a CVE ID is formally published. During a coordinated disclosure window, organizations with the VulNow intelligence integrated into their platforms and tools gain exclusive visibility into these PreCVEs. Following a coordinated disclosure process, VulNow will publish the official CVE Record on behalf of open source maintainers (that are not CNAs themselves) to enable public remediation.

Exposing Dark Matter Vulnerabilities™

Partnering with the CVE Program allows VulNow to systematically bring a critical category of risk into the public record. The VulNow platform is designed to target Dark Matter Vulnerabilities™, which are security flaws that have been quietly patched or incidentally resolved in code repositories by maintainers without the correlated publication of a public CVE ID or security advisory. Because standard enterprise vulnerability scanners rely entirely on published CVE databases, these unindexed code changes remain completely invisible to security teams while remaining exposed to threat actors who reverse engineer open source software.

"Securing CNA status under the ENISA Root is a structural milestone for our company, our customers, and our partners with security solutions," said Cassie Crossley, CEO and Co-Founder of VulNow. "Standard vulnerability scanners are blind to Dark Matter Vulnerabilities™ because they rely exclusively on post-disclosure CVE feeds. By formalizing our disclosure workflow as a CNA, we can rapidly move our deep queue of active PreCVE intelligence into the public record, shortening the window of attacker opportunity and helping our customers and partners achieve proactive compliance ahead of the EU CRA vulnerability reporting timeline and broader 2027 compliance obligations."

Validated Operational Telemetry

The VulNow Q1 2026 Threat Intelligence Report details the production capabilities of this pipeline. During the first quarter of 2026, VulNow confirmed a subset of 58 PreCVE detections that successfully resolved to published CVE Records. The platform delivered an average early warning lead time of 6.6 days across a monitored subset of core open source packages representing a combined download volume of 13.2 billion monthly installations.

The report highlights a maximum predictive window of 154 days and 15 hours for a vulnerability (CVE-2026-39865) in the axios open source project, demonstrating the platform's ability to identify risk months before traditional signature availability. CNA status allows VulNow to transition these early signals into actionable, registered advisories at scale, with confirmed PreCVEs accessible at https://vul.now/precve.

Open source maintainers and vulnerability disclosure programs can review reporting protocols and submission guidelines by visiting the VulNow Coordinated Vulnerability Disclosure policy.

About the CVE Program

The mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

About VulNow B.V.

Headquartered in the Netherlands, VulNow B.V. provides predictive threat intelligence designed for modern software supply chain risk management. By leveraging advanced machine learning to detect undisclosed vulnerabilities, silent patches, and Dark Matter Vulnerabilities™ prior to public advisory publication, VulNow delivers early-warning telemetry to enterprise defenders and strategic infrastructure operators.

Media Contact:

VulNow B.V.

[email protected]

https://vul.now

Image: https://www.globenewswire.com/newsroom/ti?nf=MTAwMTIxMDU1NyM0MDI0MzcxMTQjMjMyMjk3Mw==

Image: https://ml-eu.globenewswire.com/media/ZDk1YzBmZjctZTVhNi00ZDUzLTgxM2QtMjY0NDIxODM2OTUxLTEzMzQ1MjMtMjAyNi0wNy0wMS1lbg==/tiny/VulNow.png Image: Primary Logo

Source: VulNow

Comments
Welcome to financetom comments! Please keep conversations courteous and on-topic. To fosterproductive and respectful conversations, you may see comments from our Community Managers.
Sign up to post
Sort by
Show More Comments
Related Articles >
Google Cloud Strikes Major AI Deal With European Buyout Giant EQT
Google Cloud Strikes Major AI Deal With European Buyout Giant EQT
May 28, 2026
EQT has struck a deal with Alphabet Inc. ( GOOG )‘s Google Cloud aimed at speeding up artificial intelligence projects across more than 300 companies held in the buyout firm's portfolio. The arrangement gives these businesses access to Google Cloud's AI and security tools, including the Gemini Enterprise Agent platform for building AI applications, Reuters reported. Portfolio companies will also...
Incorta Powers Adaptive Data Foundation for Workday Adaptive Planning - Giving Finance Teams Real-Time Operational Data Without IT Dependency
Incorta Powers Adaptive Data Foundation for Workday Adaptive Planning - Giving Finance Teams Real-Time Operational Data Without IT Dependency
May 28, 2026
New joint solution delivers live ERP actuals, operational drivers, and integrated plan data directly into Workday Adaptive Planning - closing the gap between when data is available and when decisions need to happen. FOSTER CITY, Calif.--(BUSINESS WIRE)-- Incorta, the leading data foundation platform for decision intelligence and AI, today announced Adaptive Data Foundation powered by Incorta, a finance-owned data layer...
Odyssey Space Research partner, Astrolab, Selected by NASA to Provide Lunar Rover for Artemis Astronauts Return to the Moon
Odyssey Space Research partner, Astrolab, Selected by NASA to Provide Lunar Rover for Artemis Astronauts Return to the Moon
May 28, 2026
HOUSTON, May 28, 2026 /PRNewswire/ -- Astrolab announced that NASA selected the company's CLV-1 lunar rover to support astronaut exploration of the lunar surface as part of the Artemis campaign under the LTVS program. CLV-1 launches the first phase of lunar exploration and lays the groundwork for Astrolab's future rovers including FLEX.CLV-1 will be ready and waiting for the Artemis crew...
Mercury Receives Largest Production Order for its Common Processing Architecture Servers
Mercury Receives Largest Production Order for its Common Processing Architecture Servers
May 28, 2026
ANDOVER, Mass., May 28, 2026 (GLOBE NEWSWIRE) -- Mercury Systems, Inc. ( MRCY ) , a global leader in aerospace and defense electronics, today announced it received a multi-year contract to deliver 1,000 of its RTBX06 BuiltSECURE™ servers to Blue Raven, a leading distributor in the defense industry. Leveraging Mercury’s Common Processing Architecture, Rugged Trusted BuiltSECURE™ (RTB) servers provide uncompromised...
Copyright 2023-2026 - www.financetom.com All Rights Reserved