Certifications, partners and cybersecurity references

Bexxo aligns with 9 international cybersecurity organisations and references: Cyber Safe label, OFCS, MITRE ATT&CK, OWASP, CVE, NVD, NIST, CISA and FIRST. These affiliations directly structure our tools — notably CVE Find, which integrates MITRE, NVD and CISA data — and ensure that our services remain aligned with globally recognised standards.

Those who support us in our cybersecurity mission

Effective cybersecurity rests on shared standards. Bexxo anchors its services in the most recognised international references: the MITRE CVE programme (more than 250,000 published vulnerability identifiers), the NIST National Vulnerability Database, the CISA KEV catalogue, the ATT&CK framework, the OWASP Top 10 and the CVSS standards for criticality scoring.

These references are not mere affiliations — they directly structure our tools. CVE Find integrates MITRE, NVD and CISA data directly to provide real-time vulnerability alerts. Our web audits are based on the OWASP taxonomy. Our criticality scores use the NIST CVSS.

In Switzerland, Bexxo is affiliated with the Cyber Safe label and follows the publications of the OFCS (Federal Office for Cybersecurity), the national Swiss authority on cybersecurity. This combination of local and international grounding ensures that our recommendations remain aligned with regulatory priorities and current threats.

Swiss Label
Swiss Label is the Swiss reference association for products and services of Swiss quality, founded in 1917 under the emblem of the crossbow — a universal symbol of Swiss craftsmanship for more than 3,000 years. Managed by the Swiss Union of Arts and Crafts (sgv), it brings together companies committed to designing, producing and delivering their services in Switzerland. By obtaining this label, Bexxo officially certifies its 100% Swiss roots: founded in Ins (Canton of Bern), developed in Switzerland, hosted in Switzerland. The Swiss Label provides our clients with a concrete guarantee of data sovereignty, service traceability and compliance with Swiss requirements — in particular the nFADP.
Partner Cyber Safe
Cyber Safe is a Swiss label that distinguishes companies committed to a responsible and proactive approach to cybersecurity. Accessible to SMEs as well as larger organisations, it offers a clear and recognised framework to strengthen their digital security posture. As an affiliated partner, Bexxo supports this initiative by raising awareness among its clients about the approach and guiding them towards the necessary resources and actions to obtain the label.
OFCS
The OFCS is the national Swiss authority responsible for coordinating cybersecurity efforts. It plays a central role in protecting critical infrastructure, managing incidents at the national level, and raising awareness among businesses and the general public. The OFCS regularly publishes recommendations, alerts and best practices to strengthen Switzerland's digital resilience. Bexxo closely follows its publications to remain aligned with the national strategic and regulatory priorities in cybersecurity.
MITRE
MITRE is an American non-profit organisation behind two global cybersecurity references: the ATT&CK framework (14 tactics, more than 200 documented attack techniques, used by thousands of SOC teams worldwide) and the CVE programme (Common Vulnerabilities and Exposures), which has assigned more than 250,000 unique vulnerability identifiers since its creation in 1999. Bexxo's CVE Find directly relies on MITRE's CVE nomenclature to identify and track vulnerabilities affecting our clients' products.
OWASP
OWASP (Open Worldwide Application Security Project) is the world's leading community in application security. Its regularly updated OWASP Top 10 lists the 10 most critical categories of web vulnerabilities, covering the essential flaws exploited in web applications today (SQL injections, XSS, broken authentication, etc.). Our Bexxo web audits rely on this taxonomy to structure tests and reports, ensuring coverage aligned with standards recognised by application security professionals worldwide.
CVE
The CVE programme, maintained by MITRE, assigns each IT vulnerability a unique and standardised identifier. This enables clear communication between security teams, vendors and researchers. Bexxo's CVE Find tool directly relies on this nomenclature.
NVD National Vulnerability Database
The National Vulnerability Database (NVD), managed by NIST, is the world's reference database for enriching CVE vulnerabilities. It complements each CVE identifier with structured data: CVSS score (severity from 0 to 10), attack vector, complexity, impact on confidentiality, integrity and availability. The NVD covers all published CVEs — more than 250,000 entries. CVE Find integrates this NVD data to allow our clients to instantly assess the criticality of each detected vulnerability and prioritise corrective actions based on actual risk.
NIST National Institute of Standards and Technology
NIST (National Institute of Standards and Technology) is the American agency behind the most widely adopted cybersecurity standards worldwide. It developed the Cybersecurity Framework (CSF), version 2.0 of which, published in 2024, is used as a governance reference by thousands of organisations in more than 50 countries, as well as the CVSS system (Common Vulnerability Scoring System), the universal standard for rating the severity of vulnerabilities on a scale of 0 to 10. Bexxo uses CVSS in CVE Find to calculate criticality scores for vulnerabilities and help its clients prioritise their remediation actions.
CISA Known Exploited Vulnerabilities Catalog
CISA (Cybersecurity and Infrastructure Security Agency) is the US federal agency responsible for protecting critical infrastructure. It publishes and maintains the Known Exploited Vulnerabilities (KEV) Catalog, which lists more than 1,000 vulnerabilities confirmed as actively exploited by attackers in real-world scenarios. This catalogue carries authority: US federal agencies are required to remediate these vulnerabilities within strict deadlines. CVE Find integrates KEV data to flag vulnerabilities that represent an immediate — not merely theoretical — exploitation risk.
FIRST - Forum of Incident Response and Security Teams
The Forum of Incident Response and Security Teams (FIRST) brings together incident response teams around the world and promotes information sharing and coordination standards. CVE Find follows FIRST's recommendations and dissemination formats (notably CVSS and EPSS).

Frequently asked questions about Bexxo's references and certifications

What is the Swiss Cyber Safe label?

Cyber Safe is a Swiss cybersecurity label that certifies that the labelled company applies appropriate and recognised IT security measures. It is accessible to SMEs as well as large organisations and provides a structured framework to strengthen digital security posture. The label is awarded after an assessment of the company's practices against defined criteria. Bexxo is an affiliated partner of Cyber Safe: we support clients who wish to initiate or consolidate a labelling process.

What is the role of the OFCS in cybersecurity in Switzerland?

The OFCS (Federal Office for Cybersecurity, formerly NCSC) is the national Swiss authority responsible for coordinating the protection of critical infrastructure, managing cybersecurity incidents at the national level and raising awareness among businesses and the general public. It regularly publishes alerts, recommendations and reports on current threats. Bexxo follows its publications to remain aligned with Swiss strategic and regulatory priorities — particularly in the context of the nFADP (new Federal Act on Data Protection).

How does CVE Find use data from MITRE, NVD and CISA?

CVE Find is Bexxo's vulnerability monitoring tool. It aggregates three world reference sources: (1) the MITRE CVE programme, which assigns a unique identifier to each known vulnerability (250,000+ CVEs published); (2) the NIST National Vulnerability Database (NVD), which enriches each CVE with a CVSS score from 0 to 10 and detailed technical data; (3) the CISA KEV Catalog, which lists vulnerabilities actively exploited in real-world attacks. This combination allows CVE Find to alert our clients not only about new vulnerabilities, but above all about those that represent an immediate exploitation risk.

What is the OWASP Top 10 and how is it used in Bexxo web audits?

The OWASP Top 10 is the world's reference list of the 10 most critical categories of web vulnerabilities, maintained by OWASP (Open Worldwide Application Security Project). It covers SQL injections, authentication flaws, sensitive data exposure, Cross-Site Scripting (XSS), security misconfigurations and other major application attack vectors. Our web audits rely on this taxonomy to structure tests, classify detected vulnerabilities and prioritise recommendations in reports — ensuring coverage aligned with the standards recognised by application security professionals worldwide.

Why does Bexxo rely on the NIST CVSS to assess the criticality of vulnerabilities?

The CVSS (Common Vulnerability Scoring System), developed by NIST, is the universal standard for assessing the severity of vulnerabilities. It assigns each vulnerability a score from 0 to 10 based on objective criteria: attack vector (network, local, physical), exploitation complexity, privileges required, user interaction, and impact on confidentiality, integrity and availability. Using CVSS allows Bexxo to communicate vulnerability criticality in a standard language understood by all IT professionals — and allows our clients to compare audit results with globally recognised benchmarks.