Insyde® Software Becomes a CVE Numbering Authority (CNA)

Insyde® Software Becomes a CVE Numbering Authority (CNA)

PORTLAND, OR and TAIPEI, TAIWAN – April 29, 2025 – Insyde Software, a leading provider of UEFI BIOS and OpenBMC-based systems management software, today announced that it has been authorized as a CVE Numbering Authority (CNA) by the Common Vulnerabilities and Exposures (CVE) Program.

As a CNA, Insyde Software is now authorized to assign CVE Identifiers (CVE IDs) to vulnerabilities discovered in its products and services. This role enhances the company’s ability to efficiently manage and disclose vulnerabilities, ensuring that customers and the broader cybersecurity community are promptly informed and can take necessary actions to mitigate risks.

“Becoming a CNA is a testament to our deep commitment to both the security of our products and helping strengthen the security posture of the industry,” said Tim Lewis, CTO of Insyde Software. “This designation empowers us to take a direct role in identifying and addressing potential vulnerabilities, ensuring our firmware and systems management solutions remain robust and secure,” added Lewis.

About The CVE Program

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

About Insyde Software

Insyde Software (www.insyde.com) is a leading worldwide provider of UEFI firmware, OpenBMC-based systems management solutions and custom engineering services for companies in the mobile, server, desktop and IoT (Internet-of-Things) computing industries. The company is publicly held (6231.TWO) and headquartered in Taipei, Taiwan with U.S. headquarters in Westborough, MA. The company’s customers include the world’s leading computing, communications and storage device designers and manufacturers.

Insyde is a trademark or registered trademark of Insyde Software in the United States and other countries. CVE is a trademark or registered trademark of the CVE Foundation. Other names and brands may be claimed as the property of others.