As at 1 February 2024, Zyxel Networks has become the only networking brand recognised at the elite Provider Acceptance Level by the US government’s National Vulnerability Database (NVD), alongside industry leaders such as Adobe, Lenovo, and Siemens.
The leader in delivering secure, AI-powered cloud networking solutions reached this achievement as the result of consistently accurate reporting on vulnerabilities as a Common Vulnerabilities and Exposures Numbering Authority (CNA)–means data from Zyxel is now treated the same as that from the NVD’s own analysts and, once received, is immediately added to the world’s largest repository of vulnerabilities.
“This trust placed in us is a testament to Zyxel’s commitment to providing accurate and trustworthy vulnerability data, so our customers can benefit from the highest standards of product security and transparency,” said Edward Yu, Zyxel Group’s Chief Information Security Officer. “It’s also indicative of the trust we’ve built among our customers and across the networking community with our thorough and proactive approach to identifying, reporting, and addressing potential threats.”
Data submitted by CNAs is ranked on its percentage of agreement with the NVD’s own assessments. Achieving the elite Provider Acceptance Level requires a CNA’s data to be consistently accepted at least 95% of the time.
Of all 355 CNAs worldwide, Zyxel is one of only ten to have achieved the Provider Acceptance Level for both the CVSS v3.1 severity assessment standards and the CWE vulnerability classification system.
The Provider ranking comes less than two years after Zyxel became a CNA. “This couldn’t have been achieved by the Product Security Incident Response Team (PSIRT) alone,” Yu said. “The real MVPs here are the product teams and the security community that work with our PSIRT to do whatever necessary to ensure users stay up to date and safe.”
Congratulations Zyxel!