Published: May 5, 2026
Last modified: May 5, 2026
Ygreky is now a CVE Numbering Authority (CNA) in the CVE™ Program under the European Union Agency for Cybersecurity (ENISA) Root.
This decision is driven by several practical needs.
First, Ygreky develops and operates its own tools, including systems used to deliver remote training. Acting as a CNA allows us to handle vulnerabilities in these products directly, from identification to CVE ID assignment and disclosure.
Second, this capability is now integrated into our incident management offer. We can support small and medium embedded companies that are not CNAs by handling the full vulnerability handling process: assessment and fix management, advisory writing, CVE assignment (within our scope), and coordinated communication with stakeholders.
Third, during our work on embedded systems and open source security, we identify vulnerabilities in projects that do not have an assigned CNA. This role enables us to ensure those issues can still be tracked and disclosed properly.
Ygreky joined the CVE Program through ENISA’s Root as a logical choice. It allows us to stay aligned with ongoing work related to the Cyber Resilience Act (CRA).
About the CVE Program
The mission of the CVE™ Program is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities.
About Ygreky
Ygreky is a French cybersecurity consulting and training company specialized in embedded systems and Open Source software security. Founded by Marta Rybczynska, a long-time embedded security expert involved in open source initiatives, Ygreky helps manufacturers and development teams improve the security of their products and prepare for evolving cybersecurity regulations such as the Cyber Resilience Act (CRA). The company provides practical security reviews, incident response support, developer training, and guidance adapted to the realities of embedded development. Ygreky is also actively involved in the Open Source ecosystem and vulnerability management initiatives.
