Hi,

On Thu, Jun 11, 2026 at 02:56:36AM +0000, Securin Disclose wrote:
> Hello,
> 
> As a CVE Numbering Authority (CNA), Securin can reserve and assign CVE IDs for
> your reported vulnerabilities. Once fixes are available, please share the
> complete vulnerability details with us. Our team will review the information 
> and
> publish the CVEs accordingly.
> 
> Our current turnaround times are:
> 
> CVE Assignment: Within 24 hours
> Publication to MITRE: Within 48 hours after receiving the required details and
> confirming readiness for disclosure
> 
> Please let us know how we can assist in streamlining or accelerating the CVE
> assignment process for your team. We are happy to work closely with you to
> ensure timely coordination, assignment, and publication.
> 
> We look forward to supporting your vulnerability disclosure efforts.

Out of interest, since I was looking up the scope of the Securin CNA.
The scope currently say:

| Vulnerabilities found in Securin products and services (including
| end-of-life/end-of-service products), as well as vulnerabilities in
| third-party software discovered by Securin that are not in another
| CNA’s scope.

So does that not only cover vunerabilities in third-party software
(not CNA's scope) discoveed by Securin? The Red Hat CNA OTOH covers
explicitly open source in their root scope:

https://www.cve.org/PartnerInformation/ListofPartners/partner/securin
https://www.cve.org/PartnerInformation/ListofPartners/partner/redhat

Regards,
Salvatore

Reply via email to