Carrier Designated a CVE Numbering Authority by Cybersecurity & Infrastructure Security Agency (CISA)
Designation strengthens company’s cybersecurity program and provides greater transparency, reduces risk
PALM BEACH GARDENS, Fla., Nov. 9, 2021 — Carrier Global Corporation (NYSE:CARR), the leading global provider of healthy, safe, sustainable and intelligent building and cold chain solutions, has become a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA). This designation allows Carrier to provide customers greater transparency and proactive awareness of vulnerabilities and aligns with the company’s commitment to serving its customers. With Carrier as a CNA, customers and other stakeholders can remain informed of vulnerabilities and how to address them, reducing risk and increasing speed of remediation.
“This step extends the maturity of Carrier’s cybersecurity program and demonstrates our commitment to transparency, responsiveness and full lifecycle product support related to cybersecurity,” said John Deskurakis, Chief Product Security Officer, Carrier. “As a leader in intelligent building and cold chain solutions, Carrier is a natural fit for the program.”
“Today’s cybersecurity climate calls for early identification and intervention of vulnerabilities to ensure product security,” said Nicole Ford, Vice President and Chief Information Security Officer, Carrier. “As a CNA, we take responsible cybersecurity actions to deliver confidence to our customers.”
The CVE Program is sponsored by the Department of Homeland Security through the Cybersecurity and Infrastructure Security Agency (CISA) and operated by the MITRE Corporation. Through the CVE program, MITRE ensures that application vulnerabilities are uniquely identified and accurately reported. As the ICS RootCNA, CISA welcomed Carrier to the program.
Carrier is committed to the security of its products and services and will investigate all credible reports of security vulnerabilities and exposures potentially affecting our offerings. External parties should submit discovered vulnerabilities by following the company’s Vulnerability Disclosure Policy on the Carrier Global Product Cybersecurity website, or by contacting the Carrier Global Product Security team at [email protected].
As the leading global provider of healthy, safe, sustainable and intelligent building and cold chain solutions, Carrier Global Corporation is committed to making the world safer, sustainable and more comfortable for generations to come. From the beginning, we’ve led in inventing new technologies and entirely new industries. Today, we continue to lead because we have a world-class, diverse workforce that puts the customer at the center of everything we do. For more information, visit www.Corporate.Carrier.com or follow us on social media at @Carrier.