After the U.S. government floated a ban of its products, networking and smart home device maker TP-Link is now working to better address security concerns with its own products as the company has been designated as a CVE Numbering Authority by the Common Vulnerability and Exposures (CVE) Program.
According TP-Link, this means the company is now a part of the CVE Program, a U.S. government-sponsored, international, community-driven initiative that identifies and catalogs publicly disclosed cybersecurity vulnerabilities. CVE Numbering Authorities (CNAs) are responsible for essentially investigating and disclosing cybersecurity vulnerabilities and publishing detailed information about them.
U.S. Previous Considers Ban on TP-Link
The company’s official authorization as a CNA comes just months after it was reported that the U.S. government was considering banning TP-Link products due to security concerns and the company’s ties to the Chinese government.
TP-Link, however, said in its announcement that the company is a signatory of the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) “Secure by Design” pledge and actively participates in CISA’s Secure by Design Technical Exchange Group. TP-Link also maintains a vulnerability disclosure program and sponsors a bug bounty program to encourage responsible reporting from security researchers.
The company says its role as a CNA will help it better respond to security threats and ensure greater transparency. This is particularly important as the company is a leading provider of networking equipment such as Wi-Fi routers as well as an expansive line of smart home devices such as cameras, switches, lights, and more.
2024 Lighting Controls and Fixtures Report
Lightapalooza took place in late February, and the growth of the event has mirrored the rapid ascension lighting fixtures and controls.Download your copy now!
“As cybersecurity threats continue to evolve, TP-Link remains dedicated to strengthening security across our product lines and fostering trust with our customers,” said Jeff Barney, President of TP-Link Systems Inc. “Becoming a CVE Numbering Authority underscores our proactive approach to responsible vulnerability disclosure and reaffirms our commitment to working with the security community to safeguard users worldwide.”
This additional step of becoming a CNA may also help the company fend off calls to ban its products in the U.S. The company says it wants to take a leadership role in vulnerability management and improve transparency and security.
Other CEDIA-channel CNAs
Despite the growing prevalence of IoT devices, not many other CEDIA-channel manufacturers are CNAs. According to the list, Crestron, LG, Samsung, Amazon and Google largely rounding out the list of other companies that can officially publicly disclose and assign vulnerabilities. Notably, many others networking providers that serve this market don’t appear on the list.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
