Orange Cyberdefense obtains CVE Numbering Authority (CNA) status

This authorization enables Orange Cyberdefense to assign CVE Identifiers (CVE IDs) to security vulnerabilities affecting Orange Cyberdefense’s products, as well as vulnerabilities impacting third-party products—whether discovered by its teams or by external security researchers. It marks a major milestone in strengthening Orange Cyberdefense’s role within the global cybersecurity ecosystem.

A key role in vulnerability identification and disclosure

As a CNA, Orange Cyberdefense is now authorized to:

• assign CVE IDs independently (within its scope);
• publish standardized information about vulnerabilities;
• accelerate coordinated disclosure processes;
• contribute to better visibility of risks for its clients and partners.
  
  

As Hugues Foulon, CEO of Orange Cyberdefense, says, “obtaining CNA status is a recognition of our teams’ technical expertise and our ongoing commitment to open and collaborative cybersecurity at the European level. It allows us to contribute even more to protecting our clients’ digital ecosystems.”

An active contribution to the global cybersecurity ecosystem
The CVE Program is an international initiative supported by a broad community of public and private sector actors. By partnering with the CVE Program as a CNA, Orange Cyberdefense can now enrich the CVE List and participate in a dynamic of international cooperation aimed at improving the identification, classification, and sharing of vulnerability information.

This authorization aligns with Orange Cyberdefense’s overall strategy to:

• anticipate threats and strengthen organizational resilience;
• support security research and responsible disclosure;
• develop advanced detection and incident response capabilities.
  
  

About the CVE Program
The mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.

About Orange Cyberdefense
Orange Cyberdefense is the European leader in cybersecurity services, leveraging over 30 years of expertise developed within the Orange Group. Generating a revenue of €1.3 billion in 2025, the subsidiary independently provides managed security services, consulting, and integration solutions, reinforced by its sovereign cyber intelligence capabilities. It supports organizations in anticipating, preventing, and responding to cyber threats 24/7. Its services are powered by research and intelligence, offering organizations and individuals unparalleled knowledge of current and emerging threats. With over 3,300 multidisciplinary experts across 12 countries and 36 detection centers worldwide, its strong local presence enables it to address both global and local challenges faced by its clients. Its comprehensive, human-centered approach to cyber risks, facilitated by technology such as artificial intelligence, positions cybersecurity as a societal issue at the crossroads of organized crime, hacktivism, and geopolitics. An essential vision for building a safer digital society and maintaining trust in our economies and democracies.