2024.03.27 NEWS Release

NEWS Release
OpenAM Consortium

March 27,2024
OpenAM Consortium

OpenAM Consortium has been authorized by the CVE Program as a CNA.

TOKYO, March 27,2024

OpenAM Consortium announced that the organization has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA (CVE Numbering Authority) for OpenAM (OpenAM Consortium Edition), which allows OpenAM Consortium to assign CVE IDs and publish CVE Records.

OpenAM Consortium is an organization that engages in software development, public relations and educational activities for OpenAM, an open-source single sign-on software. OpenAM Consortium received an invitation from JPCERT Coordination Center (JPCERT/CC) to apply to become a CNA and was authorized by the CVE Program.

The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. As a CNA, the Consortium is authorized to assign CVE IDs and publish CVE Records for OpenAM (OpenAM Consortium Edition) vulnerabilities discovered by the Consortium or reported by external parties.

OpenAM Consortium will continue to strengthen the vulnerability response system, software development, publicity and educational activities so that users can use OpenAM with confidence.

-Target Software

OpenAM(OpenAM Consortium Edition)


-What is OpenAM?

OpenAM is an authentication infrastructure software enabling single sign-on,

which was developed by the former Sun Microsystems as OpenSSO, and released

as open source.

Several organizations forked OpenAM and keep developing their own versions.

OpenAM Consortium maintains its own fork as OpenAM (OpenAM Consortium Edition).


OpenAM Consortium


OpenAM Consortium community site





OpenAM Consortium Secretariat: info@openam.jp

All company and product names in this document are registered trademarks or trademarks of the respective companies.