DTEX Gains CVE Authority, Raising Bar for Security Transparency

SAN JOSE, CA – January 22, 2026 – In a move that signals a significant commitment to cybersecurity transparency, insider risk management leader DTEX Systems announced today it has been designated as a CVE Numbering Authority (CNA) by the Common Vulnerabilities and Exposures (CVE) Program. This authorization empowers the company to directly assign CVE identifiers to vulnerabilities within its own product suite, a responsibility that promises to accelerate the disclosure process and enhance security for its global enterprise and government customers.

The CVE Program is an international, community-based effort to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. By joining its ranks, DTEX can now independently publish CVE Records, which are standardized reports that feed directly into the U.S. National Vulnerability Database (NVD). This streamlines the flow of critical information to IT and security professionals worldwide.

“This milestone underscores DTEX’s commitment to rigorous and transparent vulnerability management,” said Marshall Heilman, CEO of DTEX, in the official announcement. “This partnership will enable us to expedite the identification and communication of vulnerabilities, ensuring our customers receive accurate, actionable, and timely information.”

A New Mandate for Transparency

Becoming a CVE Numbering Authority is more than a procedural step; it represents a fundamental shift in a vendor's relationship with its customers and the security community. As a CNA, DTEX assumes direct responsibility for the full lifecycle of vulnerability disclosure for its products. This includes assigning a unique CVE ID, conducting a root cause analysis, and publishing a detailed CVE Record that describes the vulnerability type, affected product versions, potential impact, and public references for mitigation.

This authority comes with strict obligations. CNAs must adhere to the CVE Program’s rules, which mandate timely publication—typically within 24 to 72 hours of a vulnerability's public disclosure. This commitment to speed and standardization is designed to shrink the window of opportunity for malicious actors to exploit newly discovered flaws.

For a company operating in the highly sensitive domain of insider risk and behavioral intelligence, this move toward radical transparency is particularly noteworthy. DTEX's platform handles telemetry related to user activity to detect threats, making customer trust and data integrity paramount. By taking ownership of its vulnerability disclosure process, the company aims to build greater confidence, demonstrating a mature security posture that doesn't shy away from public accountability. This action could set a new benchmark for competitors in the insider risk and User and Entity Behavior Analytics (UEBA) markets, where customers are increasingly demanding proactive and transparent security practices from their vendors.

From Vendor to Steward: The Practical Impact on Security Teams

The most immediate impact of DTEX's new status will be felt by the enterprise security teams on the front lines. The designation promises to transform vulnerability management from a reactive exercise into a more streamlined, proactive process. Historically, when a vulnerability is found in a vendor’s product, the disclosure process can be slowed by reliance on third-party coordinators. By becoming a CNA, DTEX eliminates this intermediary step.

For a Chief Information Security Officer (CISO) or a security operations team, the benefits are tangible:

• Reduced Time-to-Remediate: With DTEX issuing CVEs directly, customers receive authoritative, actionable information faster. This accelerated timeline allows them to assess risk and deploy patches or mitigations more quickly, significantly reducing the organization's exposure to potential attacks.
• Standardized, High-Fidelity Data: CVE Records provide a consistent, machine-readable format that integrates seamlessly into modern vulnerability management platforms and workflows. Security teams can automate the ingestion of this data, enabling more efficient tracking, prioritization, and reporting.
• Enhanced Trust and Compliance: In an era of stringent regulatory requirements, demonstrating a secure and well-managed software supply chain is critical. A vendor that is a CNA provides a higher level of assurance, supporting customers' own compliance and risk management efforts.

The move aligns with the company's broader strategy of promoting zero-trust principles. A core tenet of zero trust is to assume no entity is inherently trustworthy and to verify everything. By publicly cataloging and addressing its own software vulnerabilities, DTEX is applying that same principle to itself, reinforcing its role as a trusted partner in its clients' security architecture.

Joining a Global Shift in Vulnerability Management

DTEX's designation is part of a much larger trend that is reshaping the landscape of global vulnerability disclosure. The CVE Program has evolved from a centralized model to a federated system of partners. As of mid-2025, the program included over 460 CNAs across nearly 40 countries, ranging from tech giants and open-source projects to specialized security firms and national CERTs.

This decentralization is a direct response to the ever-increasing volume and complexity of cybersecurity vulnerabilities. A single, central authority cannot possibly keep pace. By empowering vendors to manage their own disclosures within a structured framework, the CVE Program has created a scalable, community-driven ecosystem. In joining this ecosystem, DTEX is not just improving its internal processes; it is becoming an active contributor to the global body of cybersecurity knowledge.

This shift places greater responsibility on vendors to act as stewards of their own security. It reflects a maturing industry where security is no longer an afterthought or a closely guarded secret but an integral part of the product lifecycle that demands open communication. This collaborative approach ensures that when a vulnerability is found, the entire community—from the vendor to the end-user—can work from a common set of facts to address the threat effectively.

The Evolving Landscape of Digital Accountability

The growing momentum behind the CNA program is indicative of a global conversation about digital accountability. As software becomes more complex and interconnected, the responsibility for securing the digital supply chain is increasingly seen as a shared one. The model of vendor-led disclosure, as championed by the CVE Program, is a powerful mechanism for distributing this responsibility.

Interestingly, the CVE Program is not the only initiative aiming to solve this challenge. The recent launch of the European-led Global Cybersecurity Vulnerability Enumeration (GCVE) initiative highlights a worldwide demand for robust, resilient, and sometimes alternative, systems for vulnerability disclosure. Like the CVE Program, GCVE envisions a decentralized network of numbering authorities, underscoring a broad consensus that empowering organizations to manage their own disclosures is the most effective path forward.

By becoming a CNA, DTEX is planting its flag firmly within this modern framework of corporate and digital responsibility. The move demonstrates an understanding that in today's threat landscape, transparency is not a liability but a strategic asset. It reinforces the idea that robust security is built on a foundation of open communication, timely action, and a collective commitment to protecting the entire digital ecosystem.