In 2022, more than 50 organizations have been added as a CVE Numbering Authority (CNA), raising the total number of CNA organizations to 260 spanning 35 countries. CNAs have the capability to assign CVE identifiers to vulnerabilities discovered within their own infrastructure, and some can assign CVEs to flaws identified by their researchers in third-party software.
In 2022, 54 CNAs were added whereas only 43 were added in 2021. The list of new CNAs includes cybersecurity companies such as Proofpoint, Qualys, Bugcrown, and Green Rocket Security, as well as major tech companies such as Baidu, Canon, GE Healthcare, Philips, and more. Additionally, some major industrial solutions providers also became CNAs such as General Electric, Honeywell, and Rockwell Automation.