2024.03.27 NEWS Release
NEWS Release
OpenAM Consortium
March 27,2024
OpenAM Consortium
OpenAM Consortium has been authorized by the CVE Program as a CNA.
TOKYO, March 27,2024
OpenAM Consortium announced that the organization has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CNA (CVE Numbering Authority) for OpenAM (OpenAM Consortium Edition), which allows OpenAM Consortium to assign CVE IDs and publish CVE Records.
OpenAM Consortium is an organization that engages in software development, public relations and educational activities for OpenAM, an open-source single sign-on software. OpenAM Consortium received an invitation from JPCERT Coordination Center (JPCERT/CC) to apply to become a CNA and was authorized by the CVE Program.
The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. As a CNA, the Consortium is authorized to assign CVE IDs and publish CVE Records for OpenAM (OpenAM Consortium Edition) vulnerabilities discovered by the Consortium or reported by external parties.
OpenAM Consortium will continue to strengthen the vulnerability response system, software development, publicity and educational activities so that users can use OpenAM with confidence.
-Target Software
OpenAM(OpenAM Consortium Edition)
https://github.com/openam-jp/openam/
-What is OpenAM?
OpenAM is an authentication infrastructure software enabling single sign-on,
which was developed by the former Sun Microsystems as OpenSSO, and released
as open source.
Several organizations forked OpenAM and keep developing their own versions.
OpenAM Consortium maintains its own fork as OpenAM (OpenAM Consortium Edition).
-References
OpenAM Consortium
OpenAM Consortium community site
GitHub
Inquiries
OpenAM Consortium Secretariat: info@openam.jp
All company and product names in this document are registered trademarks or trademarks of the respective companies.