
Vulnerability transparency: strengthening security through responsible disclosure

Blog post from Cloudflare

Post Details
Author: Sri Pulla, Martin Schwarzl, Trishna
Word Count: 1,492
Language: English
Summary

Cloudflare has joined the United States Cybersecurity and Infrastructure Security Agency’s (CISA) “Secure by Design” pledge, committing to strengthen the resilience of the digital ecosystem. This pledge promotes transparency in vulnerability reporting, a value deeply embedded in Cloudflare's Product Security program. Transparency is essential for building trust between companies and customers, as it enables rapid remediation and clear disclosure of vulnerabilities' nature, impact, and resolution. As an authorized CVE Numbering Authority (CNA), Cloudflare can assign CVE identifiers for vulnerabilities discovered within its products and ecosystems. The company has issued and disclosed multiple CVEs, primarily in areas such as denial of service, local privilege escalation, logical flaws, and improper input validation. Cloudflare's commitment to transparency and security is rooted in its values of openness, discipline, and technical excellence, and the company aims to meet and exceed expectations set out in the CISA pledge.