Try Free

Payara Boosts Cybersecurity Credentials as CVE Numbering Authority

News
Fabio Turizo
Published: 02 Jun 2023
Updated: 21 Oct 2025

Payara, a leading provider of Jakarta EE and MicroProfile runtimes, has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA).

Payara can now publish authoritative cybersecurity vulnerability information about its products via the CVE Program. Vulnerabilities will be given a unique, alphanumeric identifier, building the CVE List that feeds into the U.S. National Vulnerability Database (NVD), and playing a role in the CVE Program’s mission to identify, define and catalogue cybersecurity vulnerabilities.

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security (DHS).

Developers using Payara products will benefit from the collaboration, as vulnerabilities will be part of the standardized and publicly disclosed CVE List. This will result in time and cost savings for those using Payara products, as security issues can be discussed, dealt with and prevented through use of a trusted, standardized catalogue.

Payara will assign CVE numbers and publish vulnerability information for all its open-source products, with Payara Enterprise customers able to request immediate fixes on demand.

Service Manager and Senior Engineer at Payara, Fabio Turizo, said:
“Becoming a CVE Numbering Authority creates an extra level of dependability for those using our products and continues our commitment in adhering to and maintaining the best possible security standards. A key benefit is peace of mind when developing your mission critical Jakarta EE applications. As a CVE Numbering Authority, we ensure that when problems do occur, they can be quickly identified and a solution found, with ease of communication and total transparency.

This adds to the growing list of security measures we offer, including security fixes and patches, and tools to secure and restrict access to a production system, encrypt communication, and audit security events and configuration changes.”

A global open source company, Payara creates innovative infrastructure software. This includes Payara Server Enterprise, an easy-to-use Jakarta EE and MicroProfile runtime which supports mission-critical production systems with secure deployments, and Payara Cloud, an all-in-one fully automated Jakarta EE deployment PaaS solution that eliminates the need for application servers and knowledge of Docker and Kubernetes.

Share:

Download Payara Platform Community

Comments (0)

Post a comment

Your email address will not be published. Required fields are marked *

Payara needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Legal & Privacy Policy.

Related Posts

The Imperative for Legacy Java Modernization in Banking Cover 2 minutes
Security
Luqman Saeed
24 Oct 2025

The $57 Billion Problem: Why Banking’s Java Legacy Crisis Demands Immediate Action

How outdated Java systems are draining budgets and throttling innovation across financial services? Let’s dig in in this blog […]

Read More
Interview The software that could be putting your cyber-security at risk 2 minutes
Security
Payara Content Team
22 Oct 2025

Middleware Cyber Security: The Hidden Risk Every C-Suite Should Prioritize

When tackling cyber risk at the strategic level, it pays to learn from trusted leaders. Steve Millidge, CEO and […]

Read More
payara qube logo 2 minutes
News
Chiara Civardi
21 Oct 2025

Enterprise Java Deployment Simplified with Payara Qube’s New, Unified Offering

Payara Services, a leading vendor of enterprise Java technologies, is aligning Payara Cloud with the Payara Qube Java application […]

Read More