CPAN Security Group is now a CVE Numbering Authority (CNA) for vulnerabilities in Perl and CPAN Modules (including End-of-Life Perl versions) found at https://perl.org, https://cpan.org, or https://metacpan.org/, excluding distributions of Perl or CPAN Modules maintained by third-party redistributors.

To date, 444 CNAs (442 CNAs and 2 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. CPAN Security Group is the 9th CNA from Canada.

CPAN Security Group’s Root is the MITRE Top-Level Root.