Last Update: July 05, 2022
As of June 7, 2022, HIRT (Hitachi Incident Response Team) has become a CVE Numbering Authority (CNA). As a CNA, HIRT will assign CVE IDs and publish CVE Records for vulnerabilities found in Hitachi products.
For Hitachi products reported with vulnerabilities, we will assign CVE IDs and disclose them in a timely manner to protect the security and safety of our products and customers.
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities.
A CVE Identifier (CVE ID) is "A unique, alphanumeric identifier assigned by the CVE Program. Each identifier references a specific vulnerability. A CVE ID enables automation and multiple parties to discuss, share, and correlate information about a specific vulnerability, knowing they are referring to the same thing."
A CVE Record is "The descriptive data about a vulnerability associated with a CVE ID, provided by a CNA. This data is provided in multiple human and machine-readable formats."
A CVE Numbering Authority (CNA) is "An organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the Vulnerability in the associated CVE Record. Each CNA has a specific Scope of responsibility for vulnerability identification and publishing."
HIRT, Hitachi Energy PSIRT Team and Hitachi Vantara product team are active as CNAs.
Masato Terada (HIRT) and Naoko Ohnishi (HIRT)
