Try Free

Payara Boosts Cybersecurity Credentials as CVE Numbering Authority

News
Fabio Turizo
Published: 02 Jun 2023
Updated: 21 Oct 2025

Payara, a leading provider of Jakarta EE and MicroProfile runtimes, has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Payara can now publish authoritative cybersecurity vulnerability information about its products via the CVE Program. Vulnerabilities will be given a unique, alphanumeric identifier, building the CVE List that feeds into the U.S. National Vulnerability Database (NVD), and playing a role in the CVE Program’s mission to identify, define and catalogue cybersecurity vulnerabilities.

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS).

Developers using Payara products will benefit from the collaboration, as vulnerabilities will be part of the standardized and publicly disclosed CVE List. This will result in time and cost savings for those using Payara products, as security issues can be discussed, dealt with and prevented through use of a trusted, standardized catalogue.

Payara will assign CVE numbers and publish vulnerability information for all its open-source products, with Payara Enterprise customers able to request immediate fixes on demand.

Service Manager and Senior Engineer at Payara, Fabio Turizo, said:
“Becoming a CVE Numbering Authority creates an extra level of dependability for those using our products and continues our commitment in adhering to and maintaining the best possible security standards. A key benefit is peace of mind when developing your mission critical Jakarta EE applications. As a CVE Numbering Authority, we ensure that when problems do occur, they can be quickly identified and a solution found, with ease of communication and total transparency.

This adds to the growing list of security measures we offer, including security fixes and patches, and tools to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.”

A global open source company, Payara creates innovative infrastructure software. This includes Payara Server Enterprise, an easy-to-use Jakarta EE and MicroProfile runtime which supports mission-critical production systems with secure deployments, and Payara Cloud, an all-in-one fully automated Jakarta EE deployment PaaS solution that eliminates the need for application servers and knowledge of Docker and Kubernetes.

Share:

Download Payara Platform Community

Comments (0)

Post a comment

Your email address will not be published. Required fields are marked *

Payara needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Legal & Privacy Policy.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

Docker logo 4 minutes
Community
Dominika Tasarz
18 Nov 2025

Level Up Your Jakarta EE Apps with Payara 7 and New Docker Images

We’re excited to share major updates around the Docker image story for the Payara Platform Community, aligned with our […]

Read More
What's New In The Payara Platform August 2025 Release? 5 minutes
Community
Luqman Saeed
12 Nov 2025

What’s New In The Payara Platform November 2025 Release?

The November 2025 release brings significant milestones across the Payara Platform family. This month includes Payara Platform Community 6.2025.11, […]

Read More
Blue background with coral and fish. Left text: 'MONTHLY CATCH'. Right: laptop screen with tech tabs and Payara Community logo. 5 minutes
Community
Dominika Tasarz
31 Oct 2025

The Payara Monthly Catch – October 2025

Welcome aboard the October issue of The Monthly Catch!As the leaves turn and conference season hits full stride, the […]

Read More