12/23/25 release branch (#3804)

* #3801 Update 1 CNA's info

* #3802 Add CVE Lightning Talk Video

* Improve SEO for CVE Record Detail page; noindex on test website

---------

Co-authored-by: Roy Lane <[email protected]>

Author: rroberge

src/App.vue

@@ -19,6 +19,7 @@ import PrimaryNavigation from './components/PrimaryNavigation.vue';
 import NotificationBannerModule from './components/NotificationBannerModule.vue';
 import FooterModule from './components/FooterModule.vue';
 import NotFound from './views/NotFound.vue';
+import { useGenericGlobalsStore } from './stores/genericGlobals';
 import { useSeoMeta } from '@unhead/vue';
 
 export default {
@@ -42,6 +43,20 @@ export default {
     });
   },
   head() {
+
+    const isProductionSite = useGenericGlobalsStore().isProductionWebsite;
+
+    if (!isProductionSite) {
+
+        // Particularly for the test CVE website (test.cve.org), prevent
+        // any search engine from crawling the content.  This should only
+        // be allowed for the production website.
+
+        return {
+            meta: [{name: 'robots', content: 'noindex, nofollow'}]
+        }
+    }
+
     // Remove any trailing and leading slashes on the base URL and
     // path suffix so we know what we're dealing with and we control
     // the slash separating the two components.
@@ -50,8 +65,7 @@ export default {
     const suffix = this.$route.fullPath.replace(/^\/+/, '');
 
     return {
-      link: [{rel: 'canonical',
-              content: `${baseURL}/${suffix}`}]
+      link: [{rel: 'canonical', href: `${baseURL}/${suffix}`}]
     }
   }
 }

src/assets/data/CNAsList.json

@@ -1918,7 +1918,7 @@
     "shortName": "DEVOLUTIONS",
     "cnaID": "CNA-2021-0031",
     "organizationName": "Devolutions Inc.",
-    "scope": "Remote Desktop Manager and Devolutions Server products.",
+    "scope": "All Devolutions products only.",
     "contact": [
       {
         "email": [

src/views/About/Overview.vue

@@ -23,19 +23,30 @@
               professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize
               and address the vulnerabilities.
             </p>
+            <div class="cve-white-bg-gray-border-container">
+              <h3 class="title mt-4">CVE Lightning Talk</h3>
+              <figure class ="image is-16by9">  <!-- video -->
+                <iframe class="has-ratio" width="560" height="315" src="https://www.youtube.com/embed/W4T2n_2m7WA?si=sOjmg4IfeHeBEgVp" frameborder="0" allowfullscreen>
+                </iframe>
+              </figure>
+              <p>
+                Provides a high-level overview of the CVE Program, what a CVE Record is and how
+                it enables two or more people or tools to refer to a vulnerability and know they are talking about the
+                same thing, and an introduction to how and why to become a CVE Numbering Authority (CNA) partner.
+              </p>
+            </div>
             <div class="cve-white-bg-gray-border-container">
               <h3 class="title mt-4">Podcast - The Value of Assigning CVEs</h3>
               <figure class ="image is-16by9">  <!-- podcast -->
                 <iframe class="has-ratio" width="560" height="315" src="https://www.youtube.com/embed/aT6BjbZS22w" frameborder="0" allowfullscreen>
                 </iframe>
               </figure>
               <p>
-                Shannon Sabens of <a href='https://www.crowdstrike.com/' target='_blank'>CrowdStrike</a> chats with Madison Oliver of
-                <a href='https://securitylab.github.com/' target='_blank'>GitHub Security Lab</a> about how and why CVEs are assigned, the value
-                 of CVEs in vulnerability management, responsible coordination of vulnerability disclosures, the importance of comprehensiveness
-                 in security advisories, and why there is no stigma in a CVE. In addition, <a href='/ProgramOrganization/CNAs'>CVE Numbering
-                 Authority (CNA)</a> scopes, disclosure policies, turnaround times, and more are discussed in general, as are GitHub’s specific
-                 CNA processes and how it helps open source projects hosted on GitHub with their CVEs and advisories.
+                 Learn how and why CVEs are assigned, the value of CVEs in vulnerability management, responsible coordination of
+                 vulnerability disclosures, the importance of comprehensiveness in security advisories, and why there is no stigma
+                 in a CVE. In addition, CVE Numbering Authority (CNA) scopes, disclosure policies, turnaround times, and more
+                 are discussed in general, as are GitHub’s specific CNA processes and how it helps open source projects hosted
+                 on GitHub with their CVEs and advisories.
               </p>
             </div>
             <div class="cve-white-bg-gray-border-container">
@@ -44,8 +55,7 @@
                 <iframe class="has-ratio" width="560" height="315" src="https://www.youtube.com/embed/OQB2w71JmLE" frameborder="0" allowfullscreen>
                 </iframe>
               </figure>
-              <a href='/ProgramOrganization/Board'>CVE Board</a> members Tod Beardsley, Shannon Sabens, and Kent Landfield provide
-              the truth and facts about the following myths about the CVE Program:
+              Learn the truth and facts about the following myths about the CVE Program:
               <ul>
                 <li class="cve-list-no-bullet">Myth #1: The CVE Program is run entirely by the MITRE Corporation.</li>
                 <li class="cve-list-no-bullet"> Myth #2: The CVE Program is controlled by software vendors.</li>
@@ -60,13 +70,7 @@
                 </iframe>
               </figure>
               <p>
-                Shannon Sabens of
-                <a href='https://www.crowdstrike.com/' target='_blank'>CrowdStrike</a>
-                chats with Julia Turkevich of the
-                <a href='https://www.cisa.gov/about/divisions-offices/cybersecurity-division' target='_blank'>
-                U.S. Cybersecurity and Infrastructure Security Agency (CISA)</a>
-                about the myths and facts of partnering with the CVE Program as a
-                <router-link to="/ProgramOrganization/CNAs">CVE Numbering Authority</router-link> (CNA):
+                Learn the myths and facts of partnering with the CVE Program as a CVE Numbering Authority (CNA):
               </p>
               <ul>
                 <li class="cve-list-no-bullet">Myth #1: Only a specific category of software vendors can become CNAs.</li>
@@ -86,19 +90,14 @@
                 </iframe>
               </figure>
               <p>
-                The following truths and facts about the <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a> partner onboarding
+                The following truths and facts about the CVE Numbering Authority (CNA) partner onboarding
                 process are discussed: duration and complexity of the onboarding process; the fact that there is no fee to
-                participate; ease of incorporating assigning
-                <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a>
-                and publishing <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>
+                participate; ease of incorporating assigning CVE Identifiers (CVE IDs) and publishing CVE Records
                 into an organization’s existing coordinated vulnerability disclosure (CVD) processes; availability of automated
-                tools for CNAs; the <a href='/AllResources/CveServices#CveRecordFormat'>CVE JSON Record format</a> and available
-                guidance; role of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Roots</a> and
-                <a href='/ResourcesSupport/Glossary?activeTerm=glossaryTLRoot'>Top-Level Roots</a> and how they help CNAs; importance of
-                CNAs determining their own <a href='/ResourcesSupport/Glossary?activeTerm=glossaryScope'>scopes</a>; disclosure policies;
-                the community aspect of being a CNA and the availability of peer support; the value of CNAs participating in one or more
-                <a href='/ProgramOrganization/WorkingGroups'>CVE Working Groups</a>, especially the
-                <a href='/ProgramOrganization/WorkingGroups#CNAOrganizationOfPeersCOOP'>CNA Organization of Peers (COOP)</a>; and more.
+                tools for CNAs; the CVE JSON Record formatand available guidance; role of Roots and Top-Level Roots and how they help CNAs;
+                importance of CNAs determining their own scopes; disclosure policies; the community aspect of being a CNA and the
+                availability of peer support; the value of CNAs participating in one or more CVE Working Groups, especially the
+                CNA Organization of Peers (COOP); and more.
               </p>
             </div>
             <div class="cve-white-bg-gray-border-container">
@@ -109,13 +108,10 @@
               </figure>
               <p>
                 Learn how
-                <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a>
+                CVE Numbering Authority (CNA)
                 partners &mdash; ranging from large to small organizations, proprietary and open source products or projects, disparate business
-                sectors, and different geographic locations &mdash; are overseen and supported within the
-                <a href='/'>CVE Program</a>
-                by “<a href='/ResourcesSupport/Glossary?activeTerm=glossaryTLRoot'>Top-Level Roots</a>”
-                and “<a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Roots</a>.”
-                Topics include the roles and responsibilities of the two different types of Roots; how their work benefits the CNAs
+                sectors, and different geographic locations &mdash; are overseen and supported within the CVE Program by “Top-Level Roots”
+                and “Roots.” Topics include the roles and responsibilities of the two different types of Roots; how their work benefits the CNAs
                 under their care; how they recruit new CNA partners, including suggestions for addressing upper management concerns if a CNA
                 prospect organization is hesitant to partner as a CNA; how they work with and support their CNAs over time; how the
                 “Council of Roots” works together to enhance and help improve the program overall; and much more. All current CVE Program

src/views/CVERecord/CVERecord.vue

@@ -138,7 +138,12 @@ export default {
   },
   head() {
     const cveId = this.$route.query.id;
-    return {title: `CVE Record: ${cveId}`}
+    return {
+        title: `CVE Record: ${cveId}`,
+        meta: [{
+            name: 'description',
+            content: `Vulnerability detail for ${cveId}`}]
+    }
   },
   watch: {
     $route(to) {

src/views/ResourcesSupport/Resources.vue

@@ -589,9 +589,14 @@
               <div class="tile is-parent cve-task-left-tile">
                 <article class="tile is-child cve-border-dark-blue">
                      <h3 class="title cve-task-tile-header">
-                       Program Documents
+                       Program Documents &amp; Videos
                      </h3>
                      <ul class="mt-0 tile-body cve-task-tile-list">
+                        <li>
+                          <a target='_blank' href="https://youtu.be/W4T2n_2m7WA?si=sRxC1wLEbZ81AeCb">
+                            CVE Lightning Talk Video
+                          </a>
+                        </li>
                        <li>
                          <router-link to="/CVERecord/UserGuide">
                           CVE Record User Guide