Skip to main content
Press Release

Cyber Security: GE GAS Power Authorized as a CVE Numbering Authority (CNA)

May 03, 2022

Greenville, SC – May 3, 2022 - GE Gas Power (NYSE:GE), announced today that it has been authorized by the Common Vulnerability and Exposures (CVE®) Program as a CVE Numbering Authority (CNA). CNAs are organizations responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing.

The mission of the CVE Program is to identify define, and catalog publicly disclosed cybersecurity vulnerabilities. CVE is an international, community-based effort and relies on the community to discover vulnerabilities. The vulnerabilities are discovered then assigned and published to the CVE List.

As a CNA, GE Gas Power can now assign CVE identification numbers to newly discovered vulnerabilities potentially related to its products and allow GE Gas Power to directly publish new CVE Records and streamline the reporting process.

“As a leader building technology for the future of energy, we are committed to increase our focus on cybersecurity as part of a portfolio of technologies to help ensure integrity throughout the product lifecycle” said GE Gas Power’s VP Product Security and Chief Engineer, Robert Garry.  “Receiving this accreditation will help us to communicate information about vulnerabilities with our customers and partners timely and in accordance with the CVE Program standards and increase their confidence in GE and Gas Power’s products. 


About the CVE Program  
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), of the U.S. Department of Homeland Security (DHS) and is operated by the MITRE Corporation in close collaboration with international industry, academic, and government stakeholders.


About GE Gas Power

business unit