Yandex Is The First Russian Tech Firm To Join The CVE
The company wants to be transparent in how it discovers and protects against cyber security flaws
Yandex is the first Russian technology company to join the Common Vulnerabilities and Exposures community (CVE), in a bid to help tackle security threats and bolster safe browsing.
The CVE works as a dictionary and database for all the publicly known information on security vulnerabilities and exposures. By providing these common identifiers, it enables data exchange between security products and provides a baseline for evaluating coverage of security tools and services.
By being part of this community Yandex will both be able to contribute to the CVE and use it to bolster its own products, effectively allowing the company to build up trust in its brand as well as improve its services.
A Russian first
The Yandex Browser uses machine learning algorithms to parse millions of webpages and workout which are safe and which contain malicious code. This data can then be provided to the CVE.
“Our users will be able to safely surf the web where vulnerabilities will be fixed and updated continuously,” said Anton Karpov, head of security at Yandex.
“Concerned businesses and consumers will have complete transparency into these vulnerabilities and can work together and exchange expertise, helping combat the increasingly sophisticated threat landscape.”
Yandex was keen to point out that it is the first Russian company to join the CVE. It is likely touting this position due to Russia arguably having a reputation as a nation that launches cyber attacks rather than defends against them. However, given the way cyber attacks can be routes through all manner of servers in different geographical locations, branding Russia as a bastion for hackers and cyber criminal collectives may be a tad unfair.
However joining the CVE, Yandex show it is still demonstrating a commitment to improving cyber security and being transparent with the flaws it discovers.
This security transparency is something that is trying to be achieved by the recently launched National Cyber Security Centre, who’s chief Dr Ian Levy wants an empirical, transparent approach to cybersecurity policy over hysterical reactions to potential threats.