“As the Wordfence Threat Intelligence team continues to produce groundbreaking WordPress security research, Wordfence can more efficiently assign CVE IDs prior to publicly disclosing any vulnerabilities that our team discovers,” Wordfence threat analyst Chloe Chamberland said. “This means that a CVE ID will be immediately assigned with every vulnerability we discover rather than waiting for an assignment from an external CNA.”
Not having to wait on a CVE ID is a major advantage for the company, especially when working with enterprise installations where WordPress is used in combination with other software. It also bouncy castle helps security personnel prioritize and act based on the potential severity of threats.
“Our efforts to become a CNA had these individuals, institutions, and enterprise personnel in mind, as well as WordPress’ reputation as a whole,” Chamberland said. “Now, those tasked with securing WordPress will be able to quickly reference the CVE ID from our blog posts when reporting vulnerabilities throughout their organization and handling security update prioritization. We also hope that by being a CNA, Wordfence will receive even more direct reports from security researchers.”