Merge pull request #3178 from CVEProject/test

update main with Test

Author: athu-tran

src/assets/data/CNAsList.json

@@ -7477,7 +7477,7 @@
         "email": [
           {
             "label": "Email",
-            "emailAddr": "cybersecurity@se.com"
+            "emailAddr": "cpcert@se.com"
           }
         ],
         "contact": [
@@ -9231,14 +9231,14 @@
   {
     "shortName": "vmware",
     "cnaID": "CNA-2016-0025",
-    "organizationName": "VMware",
+    "organizationName": "VMware by Broadcom",
     "scope": "VMware, Spring, and Cloud Foundry issues only",
     "contact": [
       {
         "email": [
           {
             "label": "Email",
-            "emailAddr": "security@vmware.com"
+            "emailAddr": "vmware.psirt@broadcom.com"
           }
         ],
         "contact": [],
@@ -9249,15 +9249,15 @@
       {
         "label": "Policy",
         "language": "",
-        "url": "https://www.vmware.com/support/policies/security_response.html"
+        "url": "https://www.broadcom.com/support/vmware-services/security-response"
       }
     ],
     "securityAdvisories": {
       "alerts": [],
       "advisories": [
         {
           "label": "Advisories",
-          "url": "https://www.vmware.com/security/advisories.html"
+          "url": "https://www.broadcom.com/support/vmware-security-advisories"
         }
       ]
     },

src/assets/data/events.json

@@ -1,11 +1,27 @@
 {
   "currentEvents": [
+    {
+      "id": 35,
+      "title": "CVE Artificial Intelligence Working Group (CVEAI WG) Meeting",
+      "location": "Virtual",
+      "description": "Focused on defining swim lanes for AI vulnerability disclosure within the CVE Program.",
+      "permission": "private",
+      "url": "/ProgramOrganization/WorkingGroups#CVEArtificialIntelligenceWorkingGroupCVEAIWG",
+      "date": {
+        "start": "2024-10-15",
+        "end": "2024-12-31",
+        "repeat": {
+          "day": "Monday",
+          "recurrence": "biweekly"
+        }
+      }
+    },
     {
       "id": 34,
       "displayOnHomepageOrder": 1,
       "title": "CVE Program Workshop – Autumn 2024",
       "location": "Virtual",
-      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Workshop “save the date” announcement, with expected topics and other details, sent to partners on September 19, 2024.",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics, deadlines, and other workshop details.",
       "permission": "private",
       "url": "",
       "date": {
@@ -430,15 +446,15 @@
       "id": 3,
       "title": "CVE Outreach and Communications Working Group (OCWG) Meeting",
       "location": "Virtual",
-      "description": "Promote the CVE Program to achieve program adoption and coverage goals through increased community awareness. Each calendar year there are six meetings held on a Monday (UTC-08:00) and six meetings held on a Wednesday (UTC-12:00).",
+      "description": "Promote the CVE Program to achieve program adoption and coverage goals through increased community awareness.",
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#OutreachandCommunicationsWorkingGroupOCWG",
       "date": {
         "start": "2024-01-01",
         "end": "2024-12-31",
         "repeat": {
-          "day": "Monday or Wednesday alternating every other month",
-          "recurrence": "monthly"
+          "day": "Friday",
+          "recurrence": "weekly"
         }
       }
     },

src/assets/data/faqs.json

@@ -256,7 +256,7 @@
 				"questionText": "Are there CVE List data feeds",
 				"questionResponseParagraphs": [
 					"Yes, both internal and external feeds of CVE List content are available.",
-					"CVE Program:<ul><li><a href='https://twitter.com/CVEnew/' target='_blank'>Feed of newly published CVE Records</a>  @CVEnew Twitter</li><li><a href='https://github.com/CVEProject/cvelistV5' target='_blank'>CVE List downloads (updated hourly)</a> cvelistV5 repository on GitHub</li></ul>",
+					"CVE Program:<ul><li><a href='https://x.com/CVEnew' target='_blank'>Feed of newly published CVE Records</a>  @CVEnew on X</li><li><a href='https://github.com/CVEProject/cvelistV5' target='_blank'>CVE List downloads (updated hourly)</a> cvelistV5 repository on GitHub</li></ul>",
 					"External:<ul><li><a href='https://cassandra.cerias.purdue.edu/CVE_changes/' target='_blank'>CVE Change Logs</a> free tool from CERIAS/Purdue University that provides daily and monthly changes to CVE Records.</li></ul>"
 				]
 			},

src/assets/data/navigation.json

@@ -201,6 +201,10 @@
             "anchorId": "CNAOrganizationOfPeersCOOP",
             "label": "CNA Organization of Peers (COOP)"
           },
+          "CVE Artificial Intelligence Working Group (CVEAI WG)": {
+            "anchorId": "CVEArtificialIntelligenceWorkingGroupCVEAIWG",
+            "label": "CVE Artificial Intelligence Working Group (CVEAI WG)"
+          },
           "Outreach and Communications Working Group (OCWG)": {
             "anchorId": "OutreachandCommunicationsWorkingGroupOCWG",
             "label": "Outreach and Communications Working Group (OCWG)"

src/assets/data/news.json

@@ -1,5 +1,43 @@
 {
   "currentNews": [
+    {
+      "id": 421,
+      "newsType": "news",
+      "title": "CVE Program Adds New “CVE Artificial Intelligence Working Group (CVEAI WG)”",
+      "urlKeywords": "New CVE Artificial Intelligence Working Group",
+      "date": "2024-10-15",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Program’s newest working group (WG), <a href='/ProgramOrganization/WorkingGroups#CVEArtificialIntelligenceWorkingGroupCVEAIWG'>CVE Artificial Intelligence</a> (CVEAI WG), is open to CVE community members such as <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a>, the <a href='/ProgramOrganization/Board'>CVE Board</a>, <a href='/ProgramOrganization/ADPs'>Authorized Data Publishers (ADPs)</a>, and participants from the <a href='/ResourcesSupport/Glossary?activeTerm=glossarySecretariat'>CVE Program Secretariat</a>; members of corporate vulnerability management programs and related standards, initiatives, and associations; and members of the AI community with expertise in AI and AI-related security concerns."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVEAI WG will focus on: “determining what is a CVE-able vulnerability in AI technology. It is expected the CVEAI WG will produce documentation that defines how the CVE Program will address AI technologies moving forward. The CVEAI WG efforts are focused on defining swim lanes for AI vulnerability disclosure within CVE. This WG will discuss the concerns in defining what is within the responsibilities of the CVE Program. Because not all AI issues are appropriate for a CVE assignment, it will also try to define when other AI security-related initiatives are needed to address concerns outside the CVE Program.”"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Read the <a href='/Resources/Roles/WorkingGroups/CVEAIWG/CVEAIWG-Charter.pdf' target='_blank'>CVEAI WG charter</a>."
+        }
+      ]
+    },
+    {
+      "id": 420,
+      "newsType": "news",
+      "title": "Minutes from CVE Board Teleconference Meeting on October 2 Now Available",
+      "urlKeywords": "CVE Board Minutes from October 2",
+      "date": "2024-10-15",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ProgramOrganization/Board'>CVE Board</a> held a teleconference meeting on October 2, 2024. Read the <a href='https://cve.mitre.org/community/board/meeting_summaries/02_October_2024.pdf' target='_blank'>meeting minutes summary</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 419,
       "newsType": "blog",
@@ -32,6 +70,7 @@
     },
     {
       "id": 418,
+      "displayOnHomepageOrder": 0,
       "newsType": "news",
       "title": "Minutes from CVE Board Teleconference Meeting on September 18 Now Available",
       "urlKeywords": "CVE Board Minutes from September 18",

src/components/FooterModule.vue

@@ -48,14 +48,14 @@
             <font-awesome-icon :icon="['fab', 'medium']" aria-labelledby="mediumIcon" aria-hidden="false" focusable="false"/>
           </span></a>
           <div>
-            <a class="cve-social-media-icon-with-text" href="https://twitter.com/CVEnew/" target="_blank">
+            <a class="cve-social-media-icon-with-text" href="https://x.com/CVEnew" target="_blank">
               <span class="icon">
                 <p id="x-twitterNewIcon" class="is-hidden">x-twitter icon for @CVEnew</p>
                 <font-awesome-icon :icon="['fab', 'x-twitter']" aria-labelledby="x-twitterNewIcon" aria-hidden="false" focusable="false"/>
               </span>
               New CVE Records
             </a>
-            <a class="cve-social-media-icon-with-text" href="https://twitter.com/CVEannounce/" target="_blank">
+            <a class="cve-social-media-icon-with-text" href="https://x.com/CVEannounce" target="_blank">
               <span class="icon">
                 <p id="x-twitterAnnounceIcon" class="is-hidden">x-twitter icon for @CVEannounce</p>
                 <font-awesome-icon :icon="['fab', 'x-twitter']" aria-labelledby="x-twitterAnnounceIcon" aria-hidden="false" focusable="false"/>

src/views/ProgramOrganization/WorkingGroups.vue

@@ -9,8 +9,9 @@
             <ExternalLinkMessage/>
             <p>
               CVE Working Groups (WGs) actively focus on improving processes, workflows, and other aspects of the program as it continues to grow
-              and expand. There are seven main WGs: Automation (AWG), CNA Organization of Peers (COOP), Outreach and Communications (OCWG),
-              Quality (QWG), Strategic Planning (SPWG), Tactical (TWG), and Vulnerability Conference and Events (VCEWG).
+              and expand. There are eight main WGs: Automation (AWG), CNA Organization of Peers (COOP), CVE Artificial Intelligence (CVEAI WG),
+              Outreach and Communications (OCWG), Quality (QWG), Strategic Planning (SPWG), Tactical (TWG), and
+              Vulnerability Conference and Events (VCEWG).
             </p>
             <p>
               Details about these WGs are found below including information on how to join, as well as links to documents, repositories,
@@ -136,6 +137,49 @@
                 </article>
               </div>
             </div>
+            <h2 :id="cvenavs['Program Organization']['submenu']['Working Groups']['items']['CVE Artificial Intelligence Working Group (CVEAI WG)']
+            ['anchorId']"
+            class="title">
+            {{cvenavs['Program Organization']['submenu']['Working Groups']['items']['CVE Artificial Intelligence Working Group (CVEAI WG)']
+            ['label']}}</h2>
+            <p>
+              The CVEAI WG is focused on defining swim lanes for AI vulnerability disclosure within CVE. This WG will discuss the concerns
+              in defining what is within the responsibilities of the CVE Program. Because not all AI issues are appropriate for a CVE assignment,
+              it will also try to define when other AI security-related initiatives are needed to address concerns outside the CVE Program.
+            </p>
+            <p>
+              <span class="has-text-weight-bold">Membership Eligibility:</span> Per the CVEAI WG Charter, “Any active CVE-authorized program
+              member may participate in the CVEAI. This includes Board members, CVE Numbering Authority (CNA) representatives,
+              Authorized Data Publishers (ADP), and participants from the Secretariat’s organization. This WG is also open to public membership,
+              including members of corporate vulnerability management programs, as well as VM related standards, initiatives and associations
+              and others. It is also open to members of the AI community with expertise in AI and AI related security concerns.”
+            </p>
+            <div class="tile is-ancestor cve-task-tiles-container">
+              <div class="tile is-parent cve-task-left-tile">
+                <article class="tile is-child cve-border-dark-blue">
+                  <h3 class="title cve-task-tile-header">
+                    Documents
+                  </h3>
+                  <ul class="tile-body cve-task-tile-list">
+                    <li class="cve-task-tile-list-item">
+                      <router-link to="/Resources/Roles/WorkingGroups/CVEAIWG/CVEAIWG-Charter.pdf" target="_blank">CVEAI WG Charter</router-link>
+                    </li>
+                  </ul>
+                </article>
+              </div>
+              <div class="tile is-parent">
+                <article class="tile is-child cve-border-dark-blue">
+                  <h3 class="title cve-task-tile-header">
+                    Repositories and Projects
+                  </h3>
+                  <ul class="tile-body cve-task-tile-list">
+                    <li class="cve-task-tile-list-item">
+                      TBA
+                    </li>
+                  </ul>
+                </article>
+              </div>
+            </div>
             <h2 :id="cvenavs['Program Organization']['submenu']['Working Groups']['items']['Outreach and Communications Working Group (OCWG)']
             ['anchorId']" class="title">
               {{cvenavs['Program Organization']['submenu']['Working Groups']['items']['Outreach and Communications Working Group (OCWG)']['label']}}
@@ -371,9 +415,13 @@
                   <td data-label="Working Group" style="width: 55%">CNA Organization of Peers (COOP)</td>
                   <td data-label="Meeting Time">Every other Wednesday 2:00pm ET</td>
                 </tr>
+                <tr>
+                  <td data-label="Working Group" style="width: 55%">CVE Artificial Intelligence Working Group (CVEAI WG)</td>
+                  <td data-label="Meeting Time">Every other Monday 1:00pm ET</td>
+                </tr>
                 <tr>
                   <td data-label="Working Group" style="width: 55%">Outreach and Communications Working Group (OCWG)</td>
-                  <td data-label="Meeting Time">Every other month on Monday 4:00pm ET / Every other month on Wednesday 8:00am ET</td>
+                  <td data-label="Meeting Time">Every Friday 9:00am ET</td>
                 </tr>
                 <tr>
                   <td data-label="Working Group" style="width: 55%">Quality Working Group (QWG)</td>

src/views/ResourcesSupport/Resources.vue

@@ -479,13 +479,18 @@
                       </a>
                     </li>
                     <li>
-                      <router-link to="/Resources/Roles/WorkingGroups/SPWG/SPWG-Charter.pdf" target="_blank">
-                        Strategic Planning Working Group (SPWG) Charter (PDF, 0.2MB)
+                      <router-link to="/Resources/Roles/WorkingGroups/COOP/COOP-Charter.pdf" target="_blank">
+                        CNA Organization of Peers (COOP) Charter (PDF, 0.1MB)
                       </router-link>
                     </li>
                     <li>
-                      <router-link to="/Resources/Roles/WorkingGroups/COOP/COOP-Charter.pdf" target="_blank">
-                        CNA Organization of Peers (COOP) Charter (PDF, 0.1MB)
+                      <router-link to="/Resources/Roles/WorkingGroups/CVEAIWG/CVEAIWG-Charter.pdf" target="_blank">
+                        CVE Artificial Intelligence Working Group (CVEAI WG) Charter (PDF, 0.1MB)
+                      </router-link>
+                    </li>
+                    <li>
+                      <router-link to="/Resources/Roles/WorkingGroups/OCWG/OCWG-Charter.pdf" target="_blank">
+                        Outreach and Communications Working Group (OCWG) Charter (PDF, 0.1MB)
                       </router-link>
                     </li>
                     <li>
@@ -494,8 +499,8 @@
                       </a>
                     </li>
                     <li>
-                      <router-link to="/Resources/Roles/WorkingGroups/OCWG/OCWG-Charter.pdf" target="_blank">
-                        Outreach and Communications Working Group (OCWG) Charter (PDF, 0.1MB)
+                      <router-link to="/Resources/Roles/WorkingGroups/SPWG/SPWG-Charter.pdf" target="_blank">
+                        Strategic Planning Working Group (SPWG) Charter (PDF, 0.2MB)
                       </router-link>
                     </li>
                     <li>
@@ -606,7 +611,7 @@
                       </h3>
                       <p class="mb-0 ml-4 has-text-weight-bold">Feed of newly published CVE Records:</p>
                       <ul class="mt-0 mb-0 tile-body cve-task-tile-list">
-                        <li><a href="https://twitter.com/CVEnew/" target="_blank">@CVEnew Twitter</a></li>
+                        <li><a href="https://x.com/CVEnew" target="_blank">@CVEnew on X</a></li>
                         <li><a href='https://github.com/CVEProject/cvelistV5' target='_blank'>CVE List downloads (updated hourly)</a>
                         cvelistV5 repository on GitHub</li>
                       </ul>