2025-08-06
We are proud to share that Bouncy Castle has been authorized by the CVE Program as a CVE Numbering Authority (CNA).
This milestone marks a key step forward in our commitment to transparency, security, and supporting the users and organizations who rely on our cryptographic APIs.
What Is the CVE Program
The Common Vulnerabilities and Exposures (CVE™) Program is an international initiative that identifies and catalogs publicly disclosed cybersecurity vulnerabilities. A CVE Numbering Authority (CNA) is an organization authorized to assign CVE IDs and publish CVE Records for vulnerabilities in its own products or those within a defined scope.
By becoming a CNA, Bouncy Castle joins a trusted network of security-focused organizations, including vendors, open-source projects, and research groups, working together to standardize how vulnerabilities are disclosed and communicated.
What This Means for You
As a Bouncy Castle user, CNA status brings several key benefits:
We see this as part of our broader mission to support secure development and help teams build resilient systems with confidence. Thank you for continuing to trust Bouncy Castle and stay tuned for further updates as we continue to strengthen our security posture.