cl-nz logo
Story image

Gallagher fortifies cybersecurity reporting as NZ's first CVE Numbering Authority

29 Jul 2020

Gallagher has become the first New Zealand organisation to be authorised as a CVE Numbering Authority (CNA), giving the company more scope for assigning and communicating security vulnerabilities in its own product suite.

A Common Vulnerabilities and Exposure (CVE) number is a way of identifying a particular security vulnerability.  CVE notifications enable security vendors and organisations to discover and correlate vulnerability information. 

Now, Gallagher joins 132 organisations from 22 countries as an authorised CNA, alongside major tech firms including Microsoft, GitHub, Facebook, Apple, Google, Dell, HPE, NVIDIA, and many others.

According to Gallagher chief technology officer Steve Bell, the company is dedicated to providing customers with the information they need to be protected against cyber threats, and to keep systems up to date.

“Becoming the first authorised CNA in New Zealand demonstrates our commitment to delivering solutions with the highest levels of security,” he says.

MITRE Corporation CVE board member Chris Levendis says, “Adding Gallagher Group further expands the CVE Program’s reach into New Zealand and is consistent with the Program’s expansion internationally.”

“We applaud Gallagher’s commitment to security and want to warmly welcome them as they join the CVE Program as a CVE Numbering Authority. The CVE Program looks forward to partnering with Gallagher going forward as we collectively maintain our commitment to improving security. Welcome aboard Gallagher!” 

The company’s security portfolio includes access control and perimeter hardware, as well as electronic components, data security and storage, proximity and contact tracing, card printers, and many other products and solutions.

Gallagher’s states that it has an ongoing focus on addressing cybersecurity threats. This focus includes a team dedicated to cybersecurity research, development, and testing, combined with regular external security testing by specialist penetration testers to ensure quality throughout the whole product development cycle.

In addition to Gallagher’s internal research team, customers can also report vulnerabilities directly to the company. 

Gallagher aims to respond to vulnerability reports within 30 days. If a vulnerability is verified, Gallagher will work to mitigate the issue – possibly with the help of the person who submitted the report. Once Gallagher has issued a fix, the company then issues a public notification to partners and customers.

Gallagher notifies partners and customers of vulnerabilities through a security advisory system. This system includes email notifications, as well as website and support site notifications.

These notifications include the CVE identification number, severity, affected components, software versions, mitigations, who reported the vulnerability, whether there are known active exploits, a description of the vulnerabilities, and what maintenance releases are available for different software versions.

Story image
COVID-19 means New Zealand's tech sector is more important than ever - NZTech
"Almost overnight, born of necessity, the government, businesses and people gained first-hand experience of a more digital world."More
Story image
Westcon Group reaps $221.5m revenue
Westcon Group New Zealand’s financial statement reveals revenue of $221.5 million for the year ended 29 February 2020, with after-income tax profit grossing $2.7 million. Both revenue and profit are up from the 2019 year, in which revenue was $211.6 million and after-income tax of $1.6 million. The company’s revenue comes from sales of goods, sales of service, and commission received from the sale of maintenance service. Sales of goods for the 2020 year totalled $216.7 million, up from $206.8 million in 2019. Additionally, revenue resulting from sale of service totalled $883,606 – up from $861,358 in 2018. Commission received from sale of maintenance service topped $3.89 million, a drop of only a few thousand dollars compared to 2019 figures. Westcon’s purchases for the 2019 cost $202.7 million, up from $194 million in 2019. Employee benefits expense cost $12.7 million, up from $12.6 million in 2019. The company paid no dividends for the financial period. There are 1000 ordinary shares in the market. Referencing the COVID-19 pandemic, the financial statement says that it is not possible to estimate the short- and long-term effects of the economic impact. “This being the case we do not consider it practicable to provide a quantitative or qualitative estimate of the potential impact of this outbreak at this time.” *Some figures have been rounded.More
Story image
CERT NZ provides threat intelligence for InternetNZ's DNS Firewall
"It’s important to InternetNZ to keep adding intelligence to Defenz to make sure our customers are protected from known security threats."More
Story image
Fortinet's Secure SD-WAN - empowering remote workforces
Secure SD-WAN supports remote workforces, simplifies management and helps ensure business continuity. More
Download image
Ultimate security: The best authentication just got better
Cloud applications can hold sensitive data, and top-notch authentication is key. But having separate tools for separate applications can be cumbersome - here's how to overcome that.More
Story image
Y Soft expands Microsoft Universal Print integration
YSoft SAFEQ Cloud portfolio, which includes SAFEQ CloudPro and Breeze, is now fully integrated with Microsoft’s Universal Print.More