Skip to content

Commit f36aa3f

Browse files
jdaigneau5jdaigneau5
authored
Merge pull request #3144 from CVEProject/content-rjr-3132
#3132 Add Enrichment List for 10/7/24 + related updates
2 parents 420b98a + bac5408 commit f36aa3f

File tree

3 files changed

+49
-12
lines changed

3 files changed

+49
-12
lines changed

src/assets/data/metrics.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -789,11 +789,11 @@
789789
"data": [
790790
{
791791
"heading": "All CNAs",
792-
"percentage": "81"
792+
"percentage": "83"
793793
},
794794
{
795795
"heading": "CNA-LRs",
796-
"percentage": "19"
796+
"percentage": "17"
797797
}
798798
]
799799
},

src/assets/data/news.json

Lines changed: 38 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,35 @@
11
{
22
"currentNews": [
3+
{
4+
"id": 419,
5+
"newsType": "blog",
6+
"title": "Vulnerability Data Enrichment for CVE Records: 217 CNAs on the Enrichment Recognition List for October 7, 2024",
7+
"urlKeywords": "CNA Enrichment Recognition List Update",
8+
"date": "2024-10-08",
9+
"author": {
10+
"name": "CVE Program",
11+
"organization": {
12+
"name": "CVE Program",
13+
"url": ""
14+
},
15+
"title": "",
16+
"bio": ""
17+
},
18+
"description": [
19+
{
20+
"contentnewsType": "paragraph",
21+
"content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for October 7, 2024, is now available with 217 CNAs listed. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
22+
},
23+
{
24+
"contentnewsType": "paragraph",
25+
"content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
26+
},
27+
{
28+
"contentnewsType": "paragraph",
29+
"content": "CNA Enrichment Recognition List for October 7, 2024, with 217 CNAs listed: <ul><li>9front Systems</li><li>Absolute Software</li><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>AlgoSec</li><li>AMI</li><li>AppCheck Ltd.</li><li>Arista Networks, Inc.</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Avaya Inc.</li><li>Baicells Technologies Co., Ltd.</li><li>Baidu, Inc.</li><li>Baxter Healthcare</li><li>Becton, Dickinson and Company (BD)</li><li>BeyondTrust Inc.</li><li>Bitdefender</li><li>BlackBerry</li><li>Brocade Communications Systems, Inc.</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Carrier Global Corporation</li><li>Cato Networks</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>Ciena Corporation</li><li>cirosec GmbH</li><li>Cisco Systems, Inc.</li><li>ClickHouse, Inc.</li><li>Cloudflare, Inc.</li><li>Concrete CMS</li><li>CyberDanube</li><li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li><li>Dassault Systèmes</li><li>Dell EMC</li><li>Dfinity Foundation</li><li>DirectCyber</li><li>Docker Inc.</li><li>dotCMS LLC</li><li>Dragos, Inc.</li><li>Dutch Institute for Vulnerability Disclosure (DIVD)</li><li>Eaton</li><li>Eclipse Foundation</li><li>ELAN Microelectronics Corp.</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>ESET, spol. s r.o.</li><li>EU Agency for Cybersecurity (ENISA)</li><li>Exodus Intelligence</li><li>F5 Networks</li><li>Fedora Project (Infrastructure Software)</li><li>Flexera Software LLC</li><li>Fluid Attacks</li><li>Forcepoint</li><li>ForgeRock, Inc.</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>Gallagher Group Ltd</li><li>GE Healthcare</li><li>Gitea Limited</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>Google LLC</li><li>Grafana Labs</li><li>Hallo Welt! GmbH</li><li>Hanwha Vision Co., Ltd.</li><li>HashiCorp Inc.</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hillstone Networks Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>HP Inc.</li><li>Huawei Technologies</li><li>HYPR Corp</li><li>IBM Corporation</li><li>ICS-CERT</li><li>IDEMIA</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Intel Corporation</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>JetBrains s.r.o.</li><li>Johnson Controls</li><li>Juniper Networks, Inc.</li><li>Kaspersky</li><li>KNIME AG</li><li>KrCERT/CC</li><li>Kubernetes</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>Logitech</li><li>M-Files Corporation</li><li>ManageEngine</li><li>Mattermost, Inc</li><li>Mautic</li><li>Microchip Technology</li><li>Microsoft Corporation</li><li>Mitsubishi Electric Corporation</li><li>MongoDB</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre - Netherlands (NCSC-NL)</li><li>National Cyber Security Centre SK-CERT</li><li>National Instruments</li><li>Netflix, Inc.</li><li>Netskope</li><li>Network Optix</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Nvidia Corporation</li><li>Octopus Deploy</li><li>Okta</li><li>ONEKEY GmbH</li><li>Open Design Alliance</li><li>Open-Xchange</li><li>OpenAnolis</li><li>openEuler</li><li>OpenHarmony</li><li>OpenText (formerly Micro Focus)</li><li>OTRS AG</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>Pandora FMS</li><li>PaperCut Software Pty Ltd</li><li>Patchstack OÜ</li><li>Payara</li><li>Pegasystems</li><li>Pentraze Cybersecurity</li><li>Perforce (formerly Puppet)</li><li>Ping Identity Corporation</li><li>Progress Software Corporation</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>Qualys, Inc.</li><li>rami.io GmbH</li><li>Rapid7, Inc.</li><li>Robert Bosch GmbH</li><li>Rockwell Automation</li><li>SailPoint Technologies</li><li>Samsung TV & Appliance</li><li>SAP SE</li><li>SBA Research gGmbH</li><li>Schneider Electric SE</li><li>Schweitzer Engineering Laboratories, Inc.</li><li>Secomea</li><li>Security Risk Advisors</li><li>ServiceNow</li><li>SHENZHEN CoolKit Technology CO., LTD.</li><li>SICK AG</li><li>Siemens</li><li>Sierra Wireless Inc.</li><li>Silicon Labs</li><li>Snow Software</li><li>Snyk</li><li>SoftIron</li><li>SolarWinds</li><li>Sonatype Inc.</li><li>Sophos</li><li>Spanish National Cybersecurity Institute, S.A.</li><li>Splunk</li><li>STAR Labs SG Pte. Ltd.</li><li>Synaptics</li><li>Synology Inc.</li><li>Talos</li><li>TeamViewer Germany GmbH</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>Thales Group</li><li>The Document Foundation</li><li>The Missing Link Australia (TML)</li><li>The OpenNMS Group</li><li>The Tcpdump Group</li><li>The Wikimedia Foundation</li><li>TianoCore.org</li><li>Tigera</li><li>Toshiba Corporation</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>Trellix</li><li>TWCERT/CC</li><li>upKeeper Solutions</li><li>VulDB</li><li>VulnCheck</li><li>WatchGuard Technologies, Inc.</li><li>Western Digital</li><li>Wiz, Inc.</li><li>Wordfence</li><li>Xiaomi Technology Co Ltd</li><li>Yandex N.V.</li><li>Yokogawa Group</li><li>Yugabyte, Inc.</li><li>Zabbix</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
30+
}
31+
]
32+
},
333
{
434
"id": 418,
535
"newsType": "news",
@@ -342,7 +372,7 @@
342372
{
343373
"id": 412,
344374
"newsType": "blog",
345-
"title": "Vulnerability Data Enrichment for CVE Records: CNA Recognition List, September 23, 2024",
375+
"title": "Vulnerability Data Enrichment for CVE Records: 215 CNAs on the Enrichment Recognition List for September 23, 2024",
346376
"urlKeywords": "CNA Enrichment Recognition List Update",
347377
"date": "2024-09-24",
348378
"author": {
@@ -357,15 +387,19 @@
357387
"description": [
358388
{
359389
"contentnewsType": "paragraph",
360-
"content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for September 23, 2024, is now available. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
390+
"content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for September 23, 2024, is now available with 215 CNAs listed. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
391+
},
392+
{
393+
"contentnewsType": "paragraph",
394+
"content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
361395
},
362396
{
363397
"contentnewsType": "paragraph",
364-
"content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>."
398+
"content": "CNA Enrichment Recognition List for September 23, 2024, with 215 CNAs listed: <ul><li>9front Systems</li><li>Absolute Software</li><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>AlgoSec</li><li>AMI</li><li>AppCheck Ltd.</li><li>Arista Networks, Inc.</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Avaya Inc.</li><li>Baicells Technologies Co., Ltd.</li><li>Baidu, Inc.</li><li>Baxter Healthcare</li><li>Becton, Dickinson and Company (BD)</li><li>BeyondTrust Inc.</li><li>Bitdefender</li><li>BlackBerry</li><li>Brocade Communications Systems, Inc.</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Canonical Ltd.</li><li>Carrier Global Corporation</li><li>Cato Networks</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>Ciena Corporation</li><li>cirosec GmbH</li><li>ClickHouse, Inc.</li><li>Cloudflare, Inc.</li><li>Concrete CMS</li><li>CyberDanube</li><li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li><li>Dassault Systèmes</li><li>Dell EMC</li><li>Dfinity Foundation</li><li>DirectCyber</li><li>Docker Inc.</li><li>dotCMS LLC</li><li>Dragos, Inc.</li><li>Dutch Institute for Vulnerability Disclosure (DIVD)</li><li>Eaton</li><li>Eclipse Foundation</li><li>ELAN Microelectronics Corp.</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>ESET, spol. s r.o.</li><li>EU Agency for Cybersecurity (ENISA)</li><li>Exodus Intelligence</li><li>F5 Networks</li><li>Flexera Software LLC</li><li>Fluid Attacks</li><li>Forcepoint</li><li>ForgeRock, Inc.</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>Gallagher Group Ltd</li><li>GE Healthcare</li><li>Gitea Limited</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>Google LLC</li><li>Grafana Labs</li><li>Hallo Welt! GmbH</li><li>Hanwha Vision Co., Ltd.</li><li>HashiCorp Inc.</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hillstone Networks Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>Huawei Technologies</li><li>HYPR Corp</li><li>IBM Corporation</li><li>ICS-CERT</li><li>IDEMIA</li><li>Illumio</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Intel Corporation</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>JetBrains s.r.o.</li><li>Johnson Controls</li><li>Juniper Networks, Inc.</li><li>Kaspersky</li><li>KNIME AG</li><li>KrCERT/CC</li><li>Kubernetes</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>Logitech</li><li>M-Files Corporation</li><li>ManageEngine</li><li>Mattermost, Inc</li><li>Mautic</li><li>Microchip Technology</li><li>Microsoft Corporation</li><li>Mitsubishi Electric Corporation</li><li>MongoDB</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre - Netherlands (NCSC-NL)</li><li>National Cyber Security Centre SK-CERT</li><li>National Instruments</li><li>Netflix, Inc.</li><li>Netskope</li><li>Network Optix</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Nvidia Corporation</li><li>Okta</li><li>ONEKEY GmbH</li><li>Open Design Alliance</li><li>Open-Xchange</li><li>OpenAnolis</li><li>openEuler</li><li>OpenHarmony</li><li>OpenText (formerly Micro Focus)</li><li>OTRS AG</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>Pandora FMS</li><li>PaperCut Software Pty Ltd</li><li>Patchstack OÜ</li><li>Payara</li><li>Pegasystems</li><li>Pentraze Cybersecurity</li><li>Perforce (formerly Puppet)</li><li>Ping Identity Corporation</li><li>PostgreSQL</li><li>Progress Software Corporation</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>Qualys, Inc.</li><li>rami.io GmbH</li><li>Rapid7, Inc.</li><li>Red Hat, Inc.</li><li>Robert Bosch GmbH</li><li>Rockwell Automation</li><li>SailPoint Technologies</li><li>Samsung TV & Appliance</li><li>SAP SE</li><li>SBA Research gGmbH</li><li>Schneider Electric SE</li><li>Schweitzer Engineering Laboratories, Inc.</li><li>Secomea</li><li>Security Risk Advisors</li><li>ServiceNow</li><li>SHENZHEN CoolKit Technology CO., LTD.</li><li>SICK AG</li><li>Siemens</li><li>Sierra Wireless Inc.</li><li>Silicon Labs</li><li>Snow Software</li><li>Snyk</li><li>SoftIron</li><li>SolarWinds</li><li>Sonatype Inc.</li><li>Sophos</li><li>Spanish National Cybersecurity Institute, S.A.</li><li>Splunk</li><li>STAR Labs SG Pte. Ltd.</li><li>Synaptics</li><li>Synology Inc.</li><li>Synopsys</li><li>Talos</li><li>TeamViewer Germany GmbH</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>Thales Group</li><li>The Document Foundation</li><li>The Missing Link Australia (TML)</li><li>The OpenNMS Group</li><li>The Tcpdump Group</li><li>TianoCore.org</li><li>Tigera</li><li>Toshiba Corporation</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>Trellix</li><li>TWCERT/CC</li><li>upKeeper Solutions</li><li>VulDB</li><li>VulnCheck</li><li>WatchGuard Technologies, Inc.</li><li>Western Digital</li><li>Wordfence</li><li>Yandex N.V.</li><li>Yokogawa Group</li><li>Yugabyte, Inc.</li><li>Zabbix</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
365399
},
366400
{
367401
"contentnewsType": "paragraph",
368-
"content": "View the CNA Enrichment Recognition List <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
402+
"content": "<i>UPDATED: This article was updated on October 8, 2024, to add the total number of CNAs (i.e., 215) included on the CNA Enrichment Recognition List for September 23, 2024, to the title and first paragraph of the article. That entire list of 215 CNAs was also added to the article.</i>"
369403
}
370404
]
371405
},

0 commit comments

Comments
 (0)