BD (NYSE: BDX) is touting that it is the first medical technology company authorized as a Common Vulnerability and Exposures (CVE) Numbering Authority by the CVE Program.
BD officials say the authorization further boosts the company’s healthcare cybersecurity leadership. Cybersecurity has become a major issue for the medical device industry, with FDA even appointing its first medtech cybersecurity chief this year.
“The CVE Program is the de facto international standard for vulnerability identification and naming,” CVE board member Chris Levendis said in a June 2 news release from BD. “Being authorized as a CVE Numbering Authority demonstrates mature vulnerability management practices and a strong commitment to cybersecurity. By making accurate and timely vulnerability information available, CNAs like BD help their customers streamline early-stage vulnerability management.”
BD has developed a mature Coordinated Vulnerability Disclosure program for its customers. Last year, it launched its BD Cybersecurity Trust Center and issued an inaugural cybersecurity annual report.
“Being named a CVE Numbering Authority shows trust and confidence in BD cybersecurity practices and our ability to manage reported vulnerabilities,” said Rob Suárez, chief information security officer of BD. “This designation aligns with our commitment to cybersecurity maturity and making timely information about vulnerabilities in BD products available to customers worldwide.”
The CVE Program is sponsored by The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) sponsors the CVE Program, which the nonprofit Mitre Corp, operates.