Merge pull request #3657 from CVEProject/int

jdaigneau5 · web-flow · commit 92d4db930af3 · 2025-08-05T14:58:26.000-04:00
8/5/25 Release: INT to MAIN
diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json
@@ -26543,5 +26543,118 @@
       ]
     },
     "country": "Spain"
+  },
+  {
+    "shortName": "GoogleCloud",
+    "cnaID": "CNA-2025-0038",
+    "organizationName": "Google Cloud",
+    "scope": "Vulnerabilities in any Google Cloud developed product and not under the scope of another CNA.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "google-cloud-cve-program@google.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://about.google/company-info/appsecurity/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "language": "",
+          "url": "https://cloud.google.com/support/bulletins"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "Google",
+        "organizationName": "Google LLC"
+      },
+      "type": [
+        "Vendor"
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "bcorg",
+    "cnaID": "CNA-2025-0039",
+    "organizationName": "Legion of the Bouncy Castle Inc.",
+    "scope": "Legion of the Bouncy Castle issues only.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "feedback-crypto@bouncycastle.org"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.bouncycastle.org/disclosure.html"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.bouncycastle.org/vulnerability-advisory.html"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Open Source"
+      ]
+    },
+    "country": "Australia"
   }
 ]
diff --git a/src/assets/data/events.json b/src/assets/data/events.json
@@ -1,5 +1,18 @@
 {
   "currentEvents": [
+    {
+      "id": 39,
+      "title": "CVE Program Technical Workshop – Autumn 2025",
+      "location": "Virtual",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Please refer to the CNA partners email announcements for agenda topics and other workshop details.",
+      "permission": "private",
+      "url": "",
+      "date": {
+        "start": "2025-10-22",
+        "end": "2025-10-23",
+        "repeat": false
+      }
+    },
     {
       "id": 38,
       "title": "Researcher Working Group (RWG) Meeting",
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
@@ -1200,7 +1200,7 @@
         },
         {
           "month": "August",
-          "value": "TBA"
+          "value": "2"
         },
         {
           "month": "September",
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -1,5 +1,81 @@
 {
   "currentNews": [
+    {
+      "id": 557,
+      "newsType": "news",
+      "title": "Legion of the Bouncy Castle Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Legion of Bouncy Castle Added as CNA",
+      "date": "2025-08-04",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+    "shortName": "bcorg",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/bcorg'>Legion of the Bouncy Castle Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Legion of the Bouncy Castle issues only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>463 CNAs</a> (460 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>39 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Legion of the Bouncy Castle is the 9th CNA from Australia."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Legion of the Bouncy Castle’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 556,
+      "newsType": "blog",
+      "title": "Vulnerability Data Enrichment for CVE Records: 242 CNAs on the Enrichment Recognition List for August 4, 2025",
+      "urlKeywords": "CNA Enrichment Recognition List Update",
+      "date": "2025-08-04",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "image",
+          "imageWidth": "",
+          "href": "/news/CnaEnrichmentRecognitionList.png",
+          "altText": "Increasing the Value of the CVE Record - CNA Enrichment Recognition List"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for August 4, 2025, is now available with 242 CNAs listed. Published monthly on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> in at least 98% of their records that were published within two weeks of their most recently published record."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the most current CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CNA Enrichment Recognition List for August 4, 2025, with 242 CNAs listed: <ul><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>Advanced Micro Devices Inc.</li><li>Amazon</li><li>AMI</li><li>ARC Informatique</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>ASUSTeK Computer Incorporation</li><li>ASUSTOR Inc.</li><li>ATISoluciones Diseño de Sistemas Electrónicos, S.L.</li><li>Austin Hackers Anonymous</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Avaya Inc.</li><li>Axis Communications AB</li><li>B. Braun SE</li><li>Baxter Healthcare</li><li>Beckman Coulter Life Sciences</li><li>BeyondTrust Inc.</li><li>Bitdefender</li><li>Bizerba SE & Co. KG</li><li>Black Duck Software, Inc.</li><li>Black Lantern Security</li><li>BlackBerry</li><li>Brocade Communications Systems LLC, a Broadcom Company</li><li>CA Technologies</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Canonical Ltd.</li><li>Carrier Global Corporation</li><li>Cato Networks</li><li>Centreon</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>cirosec GmbH</li><li>Cisco Systems, Inc.</li><li>Citrix Systems, Inc.</li><li>Cloudflare, Inc.</li><li>Concrete CMS</li><li>ConnectWise LLC</li><li>Crafter CMS</li><li>Crestron Electronics, Inc.</li><li>CrowdStrike Holdings, Inc.</li><li>Cyber Security Agency of Singapore</li><li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li><li>Danfoss</li><li>Dassault Systèmes</li><li>Delinea, Inc.</li><li>Dell EMC</li><li>Delta Electronics, Inc.</li><li>Digi International Inc.</li><li>Docker Inc.</li><li>Dragos, Inc.</li><li>Dremio Corporation</li><li>Dutch Institute for Vulnerability Disclosure (DIVD)</li><li>Eaton</li><li>Eclipse Foundation</li><li>Edgewatch Security Intelligence</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>Erlang Ecosystem Foundation</li><li>ESET, spol. s r.o.</li><li>Extreme Networks, Inc.</li><li>F5 Networks</li><li>Fedora Project (Infrastructure Software)</li><li>Financial Security Institute (FSI)</li><li>Flexera Software LLC</li><li>Fluid Attacks</li><li>Forcepoint</li><li>Forescout Technologies</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>FPT SOFTWARE CO., LTD</li><li>Gallagher Group Ltd</li><li>GE Vernova</li><li>Genetec Inc.</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>GNU C Library</li><li>Google LLC</li><li>Grafana Labs</li><li>Gridware Cybersecurity</li><li>Harborist</li><li>HashiCorp Inc.</li><li>HCL Software</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hillstone Networks Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>HP Inc.</li><li>HYPR Corp</li><li>IBM Corporation</li><li>ICS-CERT</li><li>iManage LLC</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Insyde Software</li><li>Intel Corporation</li><li>Internet Systems Consortium (ISC)</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>JetBrains s.r.o.</li><li>JFROG</li><li>Johnson Controls</li><li>JPCERT/CC</li><li>Juniper Networks, Inc.</li><li>Kaspersky</li><li>Kong Inc.</li><li>Kubernetes</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>M-Files Corporation</li><li>Mandiant Inc.</li><li>Mattermost, Inc</li><li>Mautic</li><li>Medtronic</li><li>Microsoft Corporation</li><li>Milestone Systems A/S</li><li>MIM Software Inc.</li><li>Mitsubishi Electric Corporation</li><li>Monash University - Cyber Security Incident Response Team</li><li>MongoDB</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre Finland</li><li>National Cyber Security Centre SK-CERT</li><li>National Instruments</li><li>NetApp, Inc.</li><li>Netskope</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Nvidia Corporation</li><li>OceanBase</li><li>Odoo</li><li>Okta</li><li>OMRON Corporation</li><li>ONEKEY GmbH</li><li>Open-Xchange</li><li>OpenAnolis</li><li>openEuler</li><li>OpenHarmony</li><li>OpenJS Foundation</li><li>OpenText (formerly Micro Focus)</li><li>OPPO</li><li>OTRS AG</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>Pandora FMS</li><li>Patchstack OÜ</li><li>Pegasystems</li><li>Pentraze Cybersecurity</li><li>Perforce</li><li>Phoenix Technologies, Inc.</li><li>PHP Group</li><li>Ping Identity Corporation</li><li>PostgreSQL</li><li>Profisee Group, Inc.</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>Python Software Foundation</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>Rapid7, Inc.</li><li>Real-Time Innovations, Inc.</li><li>Red Hat CNA-LR</li><li>Red Hat, Inc.</li><li>Robert Bosch GmbH</li><li>Rockwell Automation</li><li>Samsung TV & Appliance</li><li>SAP SE</li><li>Saviynt Inc.</li><li>SBA Research gGmbH</li><li>Schneider Electric SE</li><li>Schweitzer Engineering Laboratories, Inc.</li><li>Seal Security</li><li>SEC Consult Vulnerability Lab</li><li>ServiceNow</li><li>SICK AG</li><li>Siemens</li><li>Silicon Labs</li><li>Snyk</li><li>SolarWinds</li><li>Sonatype Inc.</li><li>Sophos</li><li>Spanish National Cybersecurity Institute, S.A.</li><li>Super Micro Computer, Inc.</li><li>Suse</li><li>Switzerland National Cyber Security Centre (NCSC)</li><li>Synaptics</li><li>Synology Inc.</li><li>Talos</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>The Document Foundation</li><li>The Missing Link Australia (TML)</li><li>The OpenNMS Group</li><li>The Qt Company</li><li>TianoCore.org</li><li>TIBCO Software Inc.</li><li>Toreon</li><li>TP-Link Systems Inc.</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>Trellix</li><li>Trend Micro, Inc.</li><li>TWCERT/CC</li><li>TXOne Networks, Inc.</li><li>TYPO3 Association</li><li>upKeeper Solutions</li><li>Vivo Mobile Communication Technology Co., LTD.</li><li>VulDB</li><li>WatchGuard Technologies, Inc.</li><li>Wind River Systems Inc.</li><li>Wordfence</li><li>WSO2 LLC</li><li>Xerox Corporation</li><li>Xiaomi Technology Co Ltd</li><li>Yandex N.V.</li><li>Yokogawa Group</li><li>Zabbix</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zohocorp</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
+        }
+      ]
+    },
+    {
+      "id": 555,
+      "newsType": "podcast",
+      "title": "Mapping the Root Causes of CVEs",
+      "urlKeywords": "Mapping the Root Causes of CVEs",
+      "date": "2025-08-04",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "Host Shannon Sabens chats with <a href='/'>CVE&trade;</a>/<a href='https://cwe.mitre.org/' target='_blank'>CWE&trade;</a> Project Lead Alec Summers and <a href='https://cwe.mitre.org/top25/' target='_blank'>CWE Top 25</a> task lead/<a href='https://cwe.mitre.org/community/working_groups.html#rcm_wg' target='_blank'>CWE Root Causes Mapping Working Group</a> lead Connor Mullaly about the importance of mapping <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> (vulnerabilities) to their technical root causes using <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE)</a>. Additional topics include the benefits of RCM for <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> and consumers of CVE data, <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and other vulnerability metadata and their differences with CWE, the <a href='https://cwe.mitre.org/top25/' target='_blank'>CWE Top 25 Most Dangerous Software Weaknesses</a> list, and the tools and guidance available to improve the RCM process (e.g., examples of mappings and best practices on the <a href='https://cwe.mitre.org/' target='_blank'>CWE website</a>, mapping usage labels on CWE entry pages on the website, the <a href='https://cwe.mitre.org/community/working_groups.html#rcm_wg' target='_blank'>RCM WG</a>, and an LLM tool), and more."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "“<a href='/Media/News/Podcasts'>We Speak CVE</a>” is a free podcast about cybersecurity, vulnerability management, and the CVE Program. Listen on the <a href='https://www.youtube.com/channel/UCUHd2XFDsKH8kjMZQaSKpDQ/' target='_blank'>CVE Program Channel on YouTube</a>, on <a href='https://wespeakcve.buzzsprout.com/' target='_blank'>We Speak CVE page on Buzzsprout</a>, and on major podcast directories such as Spotify, Stitcher, Apple Podcasts, iHeartRadio, Podcast Addict, Podchaser, Pocket Casts, Deezer, Listen Notes, Player FM, and Podcast Index, among others."
+        }
+      ],
+      "url": "https://www.youtube.com/embed/3nNmrv4j1YE"
+    },
     {
       "id": 554,
       "newsType": "news",
diff --git a/src/views/About/Metrics.vue b/src/views/About/Metrics.vue

Original file line number	Diff line number	Diff line change
`@@ -1200,7 +1200,7 @@`
`1200`	`1200`	`},`
`1201`	`1201`	`{`
`1202`	`1202`	`"month": "August",`
`1203`		`- "value": "TBA"`
	`1203`	`+ "value": "2"`
`1204`	`1204`	`},`
`1205`	`1205`	`{`
`1206`	`1206`	`"month": "September",`