February 14, 2023

Austin Hackers Anonymous (AHA!) is a group of hackers in Austin, Texas that has become a CVE Numbering Authority (CNA), implying that it can now manage the numbering system for identifying cybersecurity vulnerabilities.

The Common Vulnerabilities and Exposures (CVE) program is a system used by the security industry to identify and track security flaws. Each vulnerability is assigned a unique identifier, or “CVE ID,” by the system, making it easier for organizations to track and address security issues.

The CVE Program has so far partnered with 268 organizations from 35 countries. CNAs are organizations from all over the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, mutually agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. The CVE Numbering Authority (CNA), also known as the “Collective of Adversarial Actors,” is comprised of cybersecurity researchers and hackers with experience in identifying vulnerabilities. The CNA will be in charge of allocating CVE IDs to newly discovered security flaws.

AHA! becomes the country’s first unorganized hacker collective to be a CNA, providing a clear way for anyone who presents at one of the group’s meetings to register, report, and publish the vulnerabilities they discover.

The sources for this piece include an article in Axios.