Common Vulnerability and Exposures Helps Up the Cybersecurity Game

The Common Vulnerability and Exposures Program claims that BD is the first medical technology business to be designated as a Common Vulnerability and Exposures (CVE) Numbering Authority. According to BD officials, the authorization strengthens the company’s position as a pioneer in healthcare cybersecurity. The FDA even appointed its first Medtech cybersecurity director this year, indicating that cybersecurity has become a big issue for the medical device industry.

CVE board member Chris Levendis said, “The Common Vulnerabilityand Exposures Program is the de facto international standard for vulnerability identification and naming. Being authorized as a CVE Numbering Authority demonstrates mature vulnerability management practices and a strong commitment to cybersecurity. By making accurate and timely vulnerability information available, CNAs like BD help their customers streamline early-stage vulnerability management.”

For its customers, BD has created a mature Coordinated Vulnerability Disclosure procedure. It launched the BD Cybersecurity Trust Center and published its first cybersecurity annual report last year. Rob Suárez, the chief information security officer of BD, said, “Being named a Common Vulnerability and Exposures Numbering Authority shows trust and confidence in BD cybersecurity practices and our ability to manage reported vulnerabilities. This designation aligns with our commitment to cybersecurity maturity and making timely information about vulnerabilities in BD products available to customers worldwide.”

Rob claims that he has confidence in the BD cybersecurity practices. It can be managed, and the vulnerabilities can be discovered through it. The CVE program is supported by the Cybersecurity and Infrastructure Security Agency (CISA) of the United States Department of Homeland Security, run by the nonprofit Mitre Corp.