The partnership highlights The Missing Link’s mature vulnerability management practices and demonstrates their ongoing commitment to cyber security for their clients.


SYDNEY, AUSTRALIA – 28 JULY 2022 – The Missing Link, industry leader in cyber security consulting and support, today announced they have been authorised by the CVE®Program as a CVE Numbering Authority (CNA). The partnership with the CVE Program helps ensure descriptions of vulnerabilities are communicated consistently, and that cyber security professionals have the information required to prioritise and address them. 

The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define, and catalog publicly disclosed cyber security vulnerabilities. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. The CVE Records published in the catalog enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks. 

Each CNA has a specific Scope of responsibility for vulnerability identification and publishing. As a CNA, The Missing Link can now assign CVE identification numbers to new vulnerabilities discovered in third-party software, if the software is not covered by another CNA's scope. 

Jack Misiura, Application Security Manager at The Missing Link, says: “Our mission has always been to bring clarity to the complex world of ICT security, and our CNA authorisation now means we can streamline disclosure of vulnerabilities, communicating them with our customers in a more timely manner.”  

“I’m proud to be part of our team of security experts, who have discovered CVEs, or zero-days, in multiple commonly used products. We’re passionate about finding, disclosing, and patching or fixing zero-day vulnerabilities before hackers can exploit the weakness.” 

Security analysts at The Missing Link practice responsible disclosure and report the zero-day vulnerabilities they discover as part of the CVE®Program.  

To find out more, access the list they have permission to publish on their Security Advisories page here. Due to security risks associated, not all zero-days are published and accredited.