10/14/25 release branch (#3726)

* #3724 News article @ 9/17/25 Board Minutes Summary

* #3723 Add 1 new podcast @ the CWG

* #3722 Add 2 new CNAs

* #3725 Updates for the "CVE Technical Workshop 2025" event

* boardMeetings: add 9/17 board meeting summary

* search: display CVE record directly following search of CVE ID that returns only corresponding CVE record

---------

Co-authored-by: Roy Lane <[email protected]>

Author: rroberge

src/assets/data/CNAsList.json

@@ -27383,5 +27383,118 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "BCNY",
+    "cnaID": "CNA-2025-0054",
+    "organizationName": "The Browser Company of New York",
+    "scope": "The Browser Company of New York branded products and technologies only.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://hackerone.com/bcny"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://arc.net/security/bulletins"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor",
+        "Bug Bounty Provider"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "Foxit",
+    "cnaID": "CNA-2025-0055",
+    "organizationName": "Foxit Software Incorporated",
+    "scope": "Foxit issues only.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "[email protected]"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.foxit.com/support/responsible-disclosure-policy.html"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.foxit.com/support/security.html"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/boardMeetings.json

@@ -1,5 +1,9 @@
 {
   "2025": [
+    {
+      "name": "September 17, 2025 - teleconference",
+      "path": "m=175993870004852&w=2"
+    },
     {
       "name": "September 3, 2025 - teleconference",
       "path": "m=175890383805223&w=2"

src/assets/data/events.json

@@ -5,9 +5,9 @@
       "displayOnHomepageOrder": 0,
       "title": "CVE Program Technical Workshop – Autumn 2025",
       "location": "Virtual",
-      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics and other workshop details.",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT (UTC-4) both days.<br/><br/>This workshop for <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> is free, but registration is required. The registration deadline is 11:59 p.m. EDT (UTC-4) on October 22, 2025.<br/><br/>Please refer to the CNA partners email announcement sent on October 9, 2025, for registration information and other workshop details. The final agenda will be sent directly to registered attendees.<br/><br/>All CNAs should attend this workshop. There is no limit on the number of attendees that can participate from your organization.",
       "permission": "private",
-      "url": "",
+      "url": "/Media/News/item/news/2025/10/14/Register-Now-for-CVE-Technical-Workshop-2025",
       "date": {
         "start": "2025-10-22",
         "end": "2025-10-23",

src/assets/data/metrics.json

@@ -1208,7 +1208,7 @@
         },
         {
           "month": "October",
-          "value": "1"
+          "value": "3"
         },
         {
           "month": "November",

src/assets/data/news.json

@@ -1,5 +1,115 @@
 {
   "currentNews": [
+    {
+      "id": 587,
+      "newsType": "news",
+      "title": "CNAs — Register Now for the “CVE Program Technical Workshop 2025” on October 22 & 23, 2025",
+      "urlKeywords": "Register Now for CVE Technical Workshop 2025",
+      "date": "2025-10-14",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Program will host a virtual “CVE Program Technical Workshop – Autumn 2025” for <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> on Wednesday, October 23, 2025, and Thursday, October 24, 2025, from 10:00 a.m. – 2:00 p.m. EDT (UTC-4) on both days.<br/><br/>This CNA workshop is free, but registration is required. Information on how to register was sent directly to CNAs on October 9, 2025. The registration deadline is 11:59 p.m. EDT (UTC-4) on October 22, 2025, so register today!"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "There will be a variety of session topics including:"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<ul><li>CVE Record Format roadmap</li><li>Focus on quality</li><li>CPE, PURL, CVSS 3.1 vs. CVSS 4.0, SSVC, and more</li><li>False positives and CVE data</li><li>Reference archive experiment</li><li>Effectively mapping CVEs to CWEs</li><li>Consumer Working Group</li><li>Supplier ADP pilot</li><li>Guided community listening sessions</li></ul>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The final agenda will be sent directly to registered attendees."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "All CNAs should attend this workshop. There is no limit on the number of attendees that can participate from your organization."
+        }
+      ]
+    },
+    {
+      "id": 586,
+      "newsType": "news",
+      "title": "Foxit Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Foxit Added as CNA",
+      "date": "2025-10-14",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Foxit'>Foxit Software Incorporated</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Foxit issues only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>478 CNAs</a> (475 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Foxit is the 258th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Foxit’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE TL-Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 585,
+      "newsType": "news",
+      "title": "The Browser Company of New York Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Browser Company Added as CNA",
+      "date": "2025-10-14",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/BCNY'>The Browser Company of New York</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for The Browser Company of New York branded products and technologies only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>477 CNAs</a> (474 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. The Browser Company of New York is the 257th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The Browser Company of New York’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE TL-Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 584,
+      "newsType": "podcast",
+      "title": "CVE Podcast &mdash; The CVE Consumer Working Group (CWG)",
+      "urlKeywords": "CVE Consumer Working Group",
+      "date": "2025-10-14",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” podcast host Shannon Sabens chats with <a href='/ProgramOrganization/WorkingGroups#CVEConsumerWorkingGroupCWG'>CVE Consumer Working Group (CWG)</a> co-chairs, Jay Jacobs and Bob Lord, and <a href='/'>CVE&trade;</a> Project Lead Alec Summers, about how the CWG was created to address the needs and perspectives of those who use CVE data &mdash; ranging from enterprise security teams to tool developers and managed security service providers &mdash; recognizing that their requirements and pain points often differ from those of upstream data providers."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Topics include the CWG’s goals to systematically capture and organize consumer feedback, identify common and unique challenges across different user types, and inform improvements in the CVE Program; the diversity and international participation among sign-ups, including organizations outside the usual sphere, such as medical companies; and the concept of “patch smarter, not harder,” stressing the importance of prioritization and high-quality data to help defenders manage the overwhelming volume of vulnerabilities. In addition, listeners are encouraged to join the CWG for meetings scheduled to accommodate global involvement and help participate in shaping the future of CVE."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen on the <a href='https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/' target='_blank'>CVE Program Channel on YouTube</a>, on <a href='https://wespeakcve.buzzsprout.com/' target='_blank'>We Speak CVE page on Buzzsprout</a>, and on major podcast directories such as Spotify, Stitcher, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others."
+        }
+      ],
+      "url": "https://www.youtube.com/embed/PetT7jdf7Pc"
+    },
+    {
+      "id": 583,
+      "newsType": "news",
+      "title": "Minutes from CVE Board Teleconference Meeting on September 17 Now Available",
+      "urlKeywords": "CVE Board Minutes from September 17",
+      "date": "2025-10-14",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ProgramOrganization/Board'>CVE Board</a> held a teleconference meeting on September 17, 2025. Read the <a href='https://marc.info/?l=cve-editorial-board&m=175993870004852&w=2' target='_blank'>meeting minutes summary</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 582,
       "newsType": "news",
@@ -19071,40 +19181,6 @@
         }
       ]
     },
-    {
-      "id": 4,
-      "newsType": "podcast",
-      "title": "Interview with Larry Cashdollar A Researcher’s Perspective",
-      "date": "2021-05-04",
-      "description": [
-        {
-          "contentnewsType": "paragraph",
-          "content": "Kelly Todd of the <a href='/'>CVE Program</a> interviews security researcher <a href='https://twitter.com/_larry0' target='_blank'>Larry Cashdollar</a> about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a>, best practices, and the benefits of being able to assign his own <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE IDs</a> to the vulnerabilities he discovers."
-        },
-        {
-          "contentnewsType": "paragraph",
-          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen on the <a href='https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/' target='_blank'>CVE Program Channel on YouTube</a>, on <a href='https://wespeakcve.buzzsprout.com/' target='_blank'>We Speak CVE page on Buzzsprout</a>, and on major podcast directories such as Spotify, Stitcher, Google Podcasts, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others."
-        }
-      ],
-      "url": "https://www.youtube.com/embed/-OQ9FNnYymI"
-    },
-    {
-      "id": 3,
-      "newsType": "podcast",
-      "title": "Partnering with the CVE Program",
-      "date": "2021-04-06",
-      "description": [
-        {
-          "contentnewsType": "paragraph",
-          "content": "In our third episode, Shannon Sabens of <a href='https://www.crowdstrike.com/' target='_blank'>CrowdStrike</a> speaks with Jo Bazar of the <a href='/'>CVE Program</a>, Erin Alexander of <a href='https://www.cisa.gov/' target='_blank'>CISA ICS</a>, and Tomo Itou of <a href='https://www.jpcert.or.jp/vh/index.html' target='_blank'>JPCERT/CC</a> about the structure and objectives of the <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a> program, what it means to be a Root and a CNA, the benefits of <a href='/PartnerInformation/Partner#HowToBecomeAPartner'>partnering with the CVE Program</a>, and recommendations for organizations considering becoming a Root or CNA."
-        },
-        {
-          "contentnewsType": "paragraph",
-          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen on the <a href='https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/' target='_blank'>CVE Program Channel on YouTube</a>, on <a href='https://wespeakcve.buzzsprout.com/' target='_blank'>We Speak CVE page on Buzzsprout</a>, and on major podcast directories such as Spotify, Stitcher, Google Podcasts, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others."
-        }
-      ],
-      "url": "https://www.youtube.com/embed/QTjoGiFmmF4"
-    },
     {
       "id": 2,
       "newsType": "podcast",
@@ -19290,6 +19366,40 @@
     }
   ],
   "archivePodcast": [
+    {
+      "id": 4,
+      "newsType": "podcast",
+      "title": "Interview with Larry Cashdollar A Researcher’s Perspective (Archived)",
+      "date": "2021-05-04",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "Kelly Todd of the <a href='/'>CVE Program</a> interviews security researcher <a href='https://twitter.com/_larry0' target='_blank'>Larry Cashdollar</a> about how he got started researching vulnerabilities and his experiences over the years, how he became the CVE Program’s first-ever independent vulnerability researcher <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a>, best practices, and the benefits of being able to assign his own <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE IDs</a> to the vulnerabilities he discovers."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen on the <a href='https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/' target='_blank'>CVE Program Channel on YouTube</a>, on <a href='https://wespeakcve.buzzsprout.com/' target='_blank'>We Speak CVE page on Buzzsprout</a>, and on major podcast directories such as Spotify, Stitcher, Google Podcasts, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others."
+        }
+      ],
+      "url": "https://www.youtube.com/embed/-OQ9FNnYymI"
+    },
+    {
+      "id": 3,
+      "newsType": "podcast",
+      "title": "Partnering with the CVE Program (Archived)",
+      "date": "2021-04-06",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "In our third episode, Shannon Sabens of <a href='https://www.crowdstrike.com/' target='_blank'>CrowdStrike</a> speaks with Jo Bazar of the <a href='/'>CVE Program</a>, Erin Alexander of <a href='https://www.cisa.gov/' target='_blank'>CISA ICS</a>, and Tomo Itou of <a href='https://www.jpcert.or.jp/vh/index.html' target='_blank'>JPCERT/CC</a> about the structure and objectives of the <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a> program, what it means to be a Root and a CNA, the benefits of <a href='/PartnerInformation/Partner#HowToBecomeAPartner'>partnering with the CVE Program</a>, and recommendations for organizations considering becoming a Root or CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen on the <a href='https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/' target='_blank'>CVE Program Channel on YouTube</a>, on <a href='https://wespeakcve.buzzsprout.com/' target='_blank'>We Speak CVE page on Buzzsprout</a>, and on major podcast directories such as Spotify, Stitcher, Google Podcasts, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others."
+        }
+      ],
+      "url": "https://www.youtube.com/embed/QTjoGiFmmF4"
+    },
     {
       "id": 130,
       "newsType": "podcast",