San Francisco, CA – September 19, 2023SoftIron, the worldwide leader in private cloud infrastructure, today announced that it has been authorized by the Common Vulnerability and Exposures (CVE®) Program as a CVE Numbering Authority (CNA).

The CVE (Common Vulnerabilities and Exposures) Program seeks to provide a common framework to identify, define, and catalog publicly disclosed cyber security vulnerabilities. As each vulnerability is detected, reported, and assessed, a CVE record is created, and a CVE ID is assigned. This ensures information technology and cybersecurity professionals can quickly identify and coordinate efforts to prioritize and address vulnerabilities and protect systems against attack, resulting in significant time and cost savings.

“We’ve long been advocates of transparency as a key tenet of good security practice, whether within our own platforms where we allow complete audit of our code by our customers, or in identifying and remediating CVEs wherever we find them,” Kenny Van Alstyne, CTO at SoftIron. “We’re excited to take this next step in our progression as a good steward of the broader software ecosystem.”

The CVE program is an international, community-based program and is operated on a voluntary basis by participating organizations. SoftIron joins authorized commercial entities such as VMware, Dell, HP and AMD as a CNA.

About the CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA), of the U.S. Department of Homeland Security (DHS) in close collaboration with international industry, academic, and government stakeholders.

About SoftIron

SoftIron is a Silicon Valley-based provider of true private cloud infrastructure. HyperCloud by SoftIron allows organizations to build a true private cloud on-premises that deploys, manages and consumes like public cloud. HyperCloud provides the elasticity of cloud in a solution that is fast and simple to deploy, driving extreme agility. HyperCloud delivers the benefits of AWS Outposts or Azure Stack HCI but in a cloud-neutral solution. Learn more at

Back to Top