With this status, Sophos is authorized to assign CVE identification to unique vulnerabilities within the scope of its products. Security researchers can now work directly with Sophos to open CVEs