BD Advances Leadership in Cybersecurity Preparedness, Transparency
BD (Becton, Dickinson and Company) has been named the first medical technology company to serve as a Common Vulnerability and Exposures (CVE) Numbering Authority. This designation allows BD to assign CVE ID numbers to new vulnerabilities in its software-enabled products, thus enhancing global cybersecurity efforts. The initiative aims to improve vulnerability management and assist customers in addressing cybersecurity risks. BD's established Coordinated Vulnerability Disclosure program and Cybersecurity Trust Center reflect its commitment to transparency and cybersecurity in medical devices.
- First medical technology company designated as a CVE Numbering Authority, enhancing cybersecurity leadership.
- Ability to assign CVE identification numbers improves vulnerability management for customers.
- Launch of the Cybersecurity Trust Center increases transparency and collaboration.
- None.
FRANKLIN LAKES, N.J., June 2, 2021 /PRNewswire/ -- BD (Becton, Dickinson and Company) (NYSE: BDX), a leading global medical technology company, today announced that it has become the first medical technology company authorized as a Common Vulnerability and Exposures (CVE®) Numbering Authority by the CVE Program, further demonstrating the company's leadership in health care cybersecurity.
As a CVE Numbering Authority (CNA), BD is authorized to assign CVE identification numbers to newly discovered vulnerabilities in its software-enabled products. This includes using the Common Weakness Enumeration (CWE™) system to classify vulnerability types and applying the Common Vulnerability Scoring System (CVSS) to communicate vulnerability characteristics and severity. The purpose of the CVE Program is to bolster international cybersecurity defense by cataloguing publicly disclosed cybersecurity vulnerabilities. The CVE Program is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and operated by MITRE Corporation.
"The CVE Program is the de facto international standard for vulnerability identification and naming," said CVE Board Member Chris Levendis. "Being authorized as a CVE Numbering Authority demonstrates mature vulnerability management practices and a strong commitment to cybersecurity. By making accurate and timely vulnerability information available, CNAs like BD help their customers streamline early-stage vulnerability management."
BD was among the first medical technology companies to develop a mature Coordinated Vulnerability Disclosure program, enabling customers to manage cybersecurity risks through awareness and guidance. In 2020, the company launched the BD Cybersecurity Trust Center, increasing transparency and collaboration with its customers, and issued its inaugural cybersecurity annual report. In becoming a CNA, BD further demonstrates its commitment to cybersecurity in medical devices, making it easier for customers to manage vulnerabilities affecting BD products.
"Being named a CVE Numbering Authority shows trust and confidence in BD cybersecurity practices and our ability to manage reported vulnerabilities," said Rob Suárez, chief information security officer of BD. "This designation aligns with our commitment to cybersecurity maturity and making timely information about vulnerabilities in BD products available to customers worldwide."
About the CVE Program
The mission of the Common Vulnerabilities and Exposures (CVE®) Program is to identify, define and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
About BD
BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. The company supports the heroes on the frontlines of health care by developing innovative technology, services and solutions that help advance both clinical therapy for patients and clinical process for health care providers. BD and its 70,000 employees have a passion and commitment to help enhance the safety and efficiency of clinicians' care delivery process, enable laboratory scientists to accurately detect disease and advance researchers' capabilities to develop the next generation of diagnostics and therapeutics. BD has a presence in virtually every country and partners with organizations around the world to address some of the most challenging global health issues. By working in close collaboration with customers, BD can help enhance outcomes, lower costs, increase efficiencies, improve safety and expand access to health care. For more information on BD, please visit bd.com or connect with us on LinkedIn at www.linkedin.com/company/bd1/ and Twitter @BDandCo.
Contacts: | |
Media | Investors |
Jennifer Wolf | Kristen M. Stewart, CFA |
BD Public Relations | BD SVP, Strategy & Investor Relations |
201.258.0540 | 201.847.5378 |
View original content to download multimedia:http://www.prnewswire.com/news-releases/bd-advances-leadership-in-cybersecurity-preparedness-transparency-301303520.html
SOURCE BD (Becton, Dickinson and Company)
FAQ
What does the CVE Numbering Authority designation mean for BD (BDX)?
How does BD enhance cybersecurity for its products?
When did BD announce its CVE Numbering Authority status?
Why is the CVE Program important for BD and its customers?
What is the purpose of the BD Cybersecurity Trust Center?
