Commit ba4444a

Merge branch 'int-main' of https://github.com/CVEProject/cve-website into content-rjr-3182
2 parents bc7989f + f20aa29 commit ba4444a

4 files changed

+87
-14
lines changed

src/assets/data/currentBoardMembersList.json

Lines changed: 0 additions & 8 deletions
@@ -31,14 +31,6 @@
3131
"organizationURL": "https://www.mitre.org/",
3232
"role": "MITRE At-Large"
3333
},
34-
{
35-
"familyName": "Cox",
36-
"firstName": "Mark",
37-
"imageURL": "",
38-
"organization": "",
39-
"organizationURL": "",
40-
"role": "Board"
41-
},
4234
{
4335
"familyName": "Cox",
4436
"firstName": "William",
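
Review bot: The removal at old lines 34-41 has no explanation, because the only commit message is the merge line. The deleted object carried empty "imageURL", "organization" and "organizationURL" values and sat directly before a second entry with "familyName": "Cox" (William), so please state in the PR description why the Mark Cox entry leaves the current-members data and confirm the William Cox entry is the one meant to stay.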

src/assets/data/news.json

Lines changed: 76 additions & 0 deletions
@@ -63,6 +63,82 @@
6363
}
6464
]
6565
},
66+
{
67+
"id": 424,
68+
"newsType": "blog",
69+
"title": "Vulnerability Data Enrichment for CVE Records: 221 CNAs on the Enrichment Recognition List for October 21, 2024",
70+
"urlKeywords": "CNA Enrichment Recognition List Update",
71+
"date": "2024-10-22",
72+
"author": {
73+
"name": "CVE Program",
74+
"organization": {
75+
"name": "CVE Program",
76+
"url": ""
77+
},
78+
"title": "",
79+
"bio": ""
80+
},
81+
"description": [
82+
{
83+
"contentnewsType": "paragraph",
84+
"content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for October 21, 2024, is now available with 221 CNAs listed. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
85+
},
86+
{
87+
"contentnewsType": "paragraph",
88+
"content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
89+
},
90+
{
91+
"contentnewsType": "paragraph",
92+
"content": "CNA Enrichment Recognition List for October 21, 2024, with 221 CNAs listed: <ul><li>9front Systems</li><li>Absolute Software</li><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>AlgoSec</li><li>AMI</li><li>AppCheck Ltd.</li><li>Arista Networks, Inc.</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Avaya Inc.</li><li>Baicells Technologies Co., Ltd.</li><li>Baidu, Inc.</li><li>Baxter Healthcare</li><li>Becton, Dickinson and Company (BD)</li><li>BeyondTrust Inc.</li><li>Bitdefender</li><li>BlackBerry</li><li>Brocade Communications Systems, Inc.</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Carrier Global Corporation</li><li>Cato Networks</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>Ciena Corporation</li><li>cirosec GmbH</li><li>Cisco Systems, Inc.</li><li>ClickHouse, Inc.</li><li>Cloudflare, Inc.</li><li>Concrete CMS</li><li>CyberDanube</li><li>Dassault Systèmes</li><li>Dell EMC</li><li>Dfinity Foundation</li><li>DirectCyber</li><li>Docker Inc.</li><li>dotCMS LLC</li><li>Dragos, Inc.</li><li>Dutch Institute for Vulnerability Disclosure (DIVD)</li><li>Eaton</li><li>Eclipse Foundation</li><li>ELAN Microelectronics Corp.</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>ESET, spol. 
s r.o.</li><li>EU Agency for Cybersecurity (ENISA)</li><li>Exodus Intelligence</li><li>F5 Networks</li><li>Fedora Project (Infrastructure Software)</li><li>Flexera Software LLC</li><li>Fluid Attacks</li><li>Forcepoint</li><li>ForgeRock, Inc.</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>Gallagher Group Ltd</li><li>GE Healthcare</li><li>Gitea Limited</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>Google LLC</li><li>Grafana Labs</li><li>Hallo Welt! GmbH</li><li>Hanwha Vision Co., Ltd.</li><li>HashiCorp Inc.</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hillstone Networks Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>HP Inc.</li><li>Huawei Technologies</li><li>HYPR Corp</li><li>IBM Corporation</li><li>ICS-CERT</li><li>IDEMIA</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Intel Corporation</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>JetBrains s.r.o.</li><li>Johnson Controls</li><li>JPCERT/CC</li><li>Kaspersky</li><li>KNIME AG</li><li>KrCERT/CC</li><li>Kubernetes</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>Logitech</li><li>M-Files Corporation</li><li>ManageEngine</li><li>Mattermost, Inc</li><li>Mautic</li><li>Microchip Technology</li><li>Microsoft Corporation</li><li>Milestone Systems A/S</li><li>Mitsubishi Electric Corporation</li><li>MongoDB</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre - Netherlands (NCSC-NL)</li><li>National Cyber Security Centre SK-CERT</li><li>National Instruments</li><li>Netflix, Inc.</li><li>Netskope</li><li>Network Optix</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Nvidia Corporation</li><li>Octopus Deploy</li><li>Okta</li><li>ONEKEY GmbH</li><li>Open Design 
Alliance</li><li>Open-Xchange</li><li>OpenAnolis</li><li>openEuler</li><li>OpenHarmony</li><li>OpenText (formerly Micro Focus)</li><li>OTRS AG</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>Pandora FMS</li><li>PaperCut Software Pty Ltd</li><li>Patchstack OÜ</li><li>Payara</li><li>Pegasystems</li><li>Pentraze Cybersecurity</li><li>Perforce</li><li>Ping Identity Corporation</li><li>Progress Software Corporation</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>Qualys, Inc.</li><li>rami.io GmbH</li><li>Rapid7, Inc.</li><li>Red Hat, Inc.</li><li>Robert Bosch GmbH</li><li>Rockwell Automation</li><li>SailPoint Technologies</li><li>Samsung TV & Appliance</li><li>SAP SE</li><li>SBA Research gGmbH</li><li>Schneider Electric SE</li><li>Schweitzer Engineering Laboratories, Inc.</li><li>Secomea</li><li>Securin</li><li>Security Risk Advisors</li><li>ServiceNow</li><li>SHENZHEN CoolKit Technology CO., LTD.</li><li>SICK AG</li><li>Siemens</li><li>Sierra Wireless Inc.</li><li>Silicon Labs</li><li>Snow Software</li><li>Snyk</li><li>SoftIron</li><li>SolarWinds</li><li>Sonatype Inc.</li><li>Sophos</li><li>Spanish National Cybersecurity Institute, S.A.</li><li>Splunk</li><li>STAR Labs SG Pte. 
Ltd.</li><li>Switzerland National Cyber Security Centre (NCSC)</li><li>Synaptics</li><li>Synology Inc.</li><li>Talos</li><li>TeamViewer Germany GmbH</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>Thales Group</li><li>The Document Foundation</li><li>The Missing Link Australia (TML)</li><li>The OpenNMS Group</li><li>The Tcpdump Group</li><li>The Wikimedia Foundation</li><li>TianoCore.org</li><li>Tigera</li><li>Toshiba Corporation</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>Trellix</li><li>TWCERT/CC</li><li>upKeeper Solutions</li><li>VulDB</li><li>VulnCheck</li><li>WatchGuard Technologies, Inc.</li><li>Western Digital</li><li>Wiz, Inc.</li><li>Wordfence</li><li>Xerox Corporation</li><li>Xiaomi Technology Co Ltd</li><li>Yandex N.V.</li><li>Yokogawa Group</li><li>Yugabyte, Inc.</li><li>Zabbix</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
93+
}
94+
]
95+
},
96+
{
97+
"id": 423,
98+
"newsType": "blog",
99+
"title": "Our CVE Story: Biohacking Village",
100+
"urlKeywords": "Our CVE Story: Biohacking Village",
101+
"date": "2024-10-22",
102+
"author": {
103+
"name": "Janine (Nina Alli) Medina and Jennifer Agüero",
104+
"organization": {
105+
"name": " Biohacking Village",
106+
"url": "https://www.villageb.io/"
107+
},
108+
"title": "CNA",
109+
"bio": "Guest authors Janine (Nina Alli) and Jennifer Agüero are both from Biohacking Village. Janine is CEO/Executive Director and Jennifer is a Marketing Communications Specialist. Biohacking Village is a CVE Numbering Authority (CNA) partner under the CISA ICS Root."
110+
},
111+
"description": [
112+
{
113+
"contentnewsType": "paragraph",
114+
"content": "<i>Guest authors Janine (Nina Alli) and Jennifer Agüero are both from Biohacking Village. Janine is CEO/Executive Director and Jennifer is a Marketing Communications Specialist. Biohacking Village is a CVE Numbering Authority (CNA) partner under the CISA ICS Root.</i>"
115+
},
116+
{
117+
"contentnewsType": "paragraph",
118+
"content": "Since our founding in 2014, <a href='/PartnerInformation/ListofPartners/partner/BHV'>Biohacking Village</a> has recognized the critical need to raise awareness about cybersecurity in patient care &mdash; long before cybersecurity in healthcare became the priority it is today. Our mission, “Healthier Tech for Healthier People” places cybersecurity at the heart of fostering innovation and ensuring patient safety in healthcare technology. We are driven by two core goals: addressing public interest in healthcare security and ensuring patient safety through proactive action."
119+
},
120+
{
121+
"contentnewsType": "paragraph",
122+
"content": "Each year, we organize Biohacking Village events for both domestic and international conferences, and we participate in one of the world’s largest hacker events, <a href='https://www.villageb.io/def-con' target='_blank'>DEF CON</a>. Over time, we’ve built strong relationships with leading medical device manufacturers, inviting them to our <a href='https://www.villageb.io/device-lab' target='_blank'>Device Lab</a>, where they bring products for testing on one of the most perilous networks, by some of the most skilled hackers in the world. We maintain an ethical approach to vulnerability testing and are a trusted partner, focusing on improving security while prioritizing patient protection."
123+
},
124+
{
125+
"contentnewsType": "paragraph",
126+
"content": "Before partnering with the <a href='/'>CVE® Program</a> as a <a href='/ProgramOrganization/CNAs'>CVE Numbering Authority (CNA)</a>, responsibility for managing vulnerabilities lay solely with the device manufacturers participating in our Device Lab. While many manufacturers have their own Coordinated Vulnerability Disclosure (CVD) policies, not all do. Additionally, vulnerabilities are sometimes discovered by researchers or security professionals in our <a href='https://www.villageb.io/speaker-lab' target='_blank'>Speaker Lab</a> or <a href='https://www.villageb.io/catalyst-lab' target='_blank'>Catalyst Workshops</a>. In these situations, it’s crucial to have the capability to disclose these findings responsibly. Our ability to assist in responsible disclosure is central to our commitment to public interest and patient safety, ensuring vulnerabilities are addressed efficiently."
127+
},
128+
{
129+
"contentnewsType": "paragraph",
130+
"content": "In June 2023, we reached a major milestone by becoming a <a href='/ProgramOrganization/CNAs'>CNA</a>. This designation enables us to proactively identify, assign, and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities found in medical devices that are not in another CNA’s scope . By adopting the CVE Program’s processes, we enhanced our ability to manage vulnerabilities swiftly and accurately. Becoming a CNA was a strategic decision that empowers us to contribute more effectively to the global healthcare security landscape."
131+
},
132+
{
133+
"contentnewsType": "paragraph",
134+
"content": "The benefits of participating in the CVE Program go beyond our organization. As a CNA, we are better positioned to coordinate vulnerability management efforts with manufacturers, security researchers, and the broader healthcare community. For any organization involved in technology, especially in critical sectors like healthcare, becoming a CNA demonstrates a commitment to cybersecurity and patient safety. It enables companies to take ownership of vulnerabilities, coordinate responses effectively, and ensure risks are mitigated before they escalate into threats."
135+
},
136+
{
137+
"contentnewsType": "paragraph",
138+
"content": "At Biohacking Village, our goal is not only to protect patients but also to support medical device manufacturers in continuously improving product security. We believe that collaboration between the public and private sectors, along with clear communication and transparency, is essential for reducing risks and building safer medical technologies. <a href='/PartnerInformation/Partner#HowToBecomeAPartner'>Becoming a CNA</a> reinforces our dedication to fostering a secure, innovative healthcare environment. Our journey with the CVE Program is just the beginning, and we’re excited to be part of this initiative to enhance safety for all."
139+
}
140+
]
141+
},
66142
{
67143
"id": 422,
68144
"newsType": "blog",
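
Review bot: In the id 423 entry, the organization name at new line 105 has a leading space (" Biohacking Village") and the paragraph at new line 130 has a stray space before the full stop ("another CNA’s scope ."); trim both before this ships. The "bio" at new line 109 repeats the first description paragraph at new line 114 word for word, so one of the two is probably redundant. Separately, the content strings at new lines 84, 122 and 126 embed anchors with target='_blank' and no rel attribute; if these strings are rendered as HTML, consider adding rel='noopener noreferrer' to the external links.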

src/views/About/Metrics.vue

Lines changed: 9 additions & 5 deletions
@@ -295,8 +295,8 @@
295295
</p>
296296
</div>
297297
<h3 class="title">CNA Enrichment Recognition List</h3>
298-
<p class="cve-help-text"><span class="has-text-weight-bold">Last Updated: </span><time>October 7, 2024</time><br/>
299-
<span class="has-text-weight-bold">Total CNAs: </span>217</p>
298+
<p class="cve-help-text"><span class="has-text-weight-bold">Last Updated: </span><time>October 21, 2024</time><br/>
299+
<span class="has-text-weight-bold">Total CNAs: </span>221</p>
300300
<div>
301301
<ul>
302302
<li>9front Systems</li>
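
Review bot: The total at new line 299 is a hard-coded literal that has to agree with the hand-edited list items in the rest of this file, and nothing enforces that. For this commit the numbers do line up: the later hunks add five items (Milestone Systems A/S, Red Hat, Inc., Securin, Switzerland National Cyber Security Centre (NCSC), Xerox Corporation), remove one (the CISA U.S. Civilian Government item), and make two one-for-one replacements (Juniper Networks, Inc. to JPCERT/CC, and the Perforce rename), a net of +4 that matches 217 to 221. The same 221 names are also pasted as a single string into news.json in this commit, so consider keeping the list in one data file and deriving both the markup and the count from it.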
@@ -336,7 +336,6 @@
336336
<li>Cloudflare, Inc.</li>
337337
<li>Concrete CMS</li>
338338
<li>CyberDanube</li>
339-
<li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li>
340339
<li>Dassault Systèmes</li>
341340
<li>Dell EMC</li>
342341
<li>Dfinity Foundation</li>
@@ -394,7 +393,7 @@
394393
<li>Ivanti</li>
395394
<li>JetBrains s.r.o.</li>
396395
<li>Johnson Controls</li>
397-
<li>Juniper Networks, Inc.</li>
396+
<li>JPCERT/CC</li>
398397
<li>Kaspersky</li>
399398
<li>KNIME AG</li>
400399
<li>KrCERT/CC</li>
@@ -410,6 +409,7 @@
410409
<li>Mautic</li>
411410
<li>Microchip Technology</li>
412411
<li>Microsoft Corporation</li>
412+
<li>Milestone Systems A/S</li>
413413
<li>Mitsubishi Electric Corporation</li>
414414
<li>MongoDB</li>
415415
<li>Moxa Inc.</li>
@@ -443,7 +443,7 @@
443443
<li>Payara</li>
444444
<li>Pegasystems</li>
445445
<li>Pentraze Cybersecurity</li>
446-
<li>Perforce (formerly Puppet)</li>
446+
<li>Perforce</li>
447447
<li>Ping Identity Corporation</li>
448448
<li>Progress Software Corporation</li>
449449
<li>Proofpoint Inc.</li>
@@ -454,6 +454,7 @@
454454
<li>Qualys, Inc.</li>
455455
<li>rami.io GmbH</li>
456456
<li>Rapid7, Inc.</li>
457+
<li>Red Hat, Inc.</li>
457458
<li>Robert Bosch GmbH</li>
458459
<li>Rockwell Automation</li>
459460
<li>SailPoint Technologies</li>
@@ -463,6 +464,7 @@
463464
<li>Schneider Electric SE</li>
464465
<li>Schweitzer Engineering Laboratories, Inc.</li>
465466
<li>Secomea</li>
467+
<li>Securin</li>
466468
<li>Security Risk Advisors</li>
467469
<li>ServiceNow</li>
468470
<li>SHENZHEN CoolKit Technology CO., LTD.</li>
@@ -479,6 +481,7 @@
479481
<li>Spanish National Cybersecurity Institute, S.A.</li>
480482
<li>Splunk</li>
481483
<li>STAR Labs SG Pte. Ltd.</li>
484+
<li>Switzerland National Cyber Security Centre (NCSC)</li>
482485
<li>Synaptics</li>
483486
<li>Synology Inc.</li>
484487
<li>Talos</li>
@@ -504,6 +507,7 @@
504507
<li>Western Digital</li>
505508
<li>Wiz, Inc.</li>
506509
<li>Wordfence</li>
510+
<li>Xerox Corporation</li>
507511
<li>Xiaomi Technology Co Ltd</li>
508512
<li>Yandex N.V.</li>
509513
<li>Yokogawa Group</li>

src/views/ProgramOrganization/Board.vue

Lines changed: 2 additions & 1 deletion
@@ -122,11 +122,12 @@
122122
<li>Scott Blake</li>
123123
<li>Harold Booth</li>
124124
<li>Steve Christey Coley</li>
125-
<li>Andre Frech</li>
125+
<li>Mark Cox</li>
126126
</ul>
127127
</div>
128128
<div class="column">
129129
<ul>
130+
<li>Andre Frech</li>
130131
<li>Chris Levendis</li>
131132
<li>Elias Levy</li>
132133
<li>Peter Mell</li>
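
Review bot: Column balance is being maintained by hand here: adding Mark Cox at new line 125 forces Andre Frech to be moved into the next column's list at new line 130. The alphabetical order by surname is preserved (Christey Coley, Cox, Frech, Levendis), but each future addition will need the same manual shuffle, so consider rendering this list from a data file and splitting it into columns in the template. The hunk does not show the heading these lists sit under; since the same commit removes Mark Cox from currentBoardMembersList.json, please confirm in the PR description that this is the section he is meant to move to.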
