diff --git a/public/images/news/BelowtheSurfacePodcastCVE.png b/public/images/news/BelowtheSurfacePodcastCVE.png new file mode 100644 index 000000000..653936a23 Binary files /dev/null and b/public/images/news/BelowtheSurfacePodcastCVE.png differ diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json index facd6269f..1a124c286 100644 --- a/src/assets/data/CNAsList.json +++ b/src/assets/data/CNAsList.json @@ -12863,7 +12863,7 @@ ] }, "country": "USA" - }, + }, { "shortName": "GE_Healthcare", "cnaID": "CNA-2022-0018", @@ -12874,7 +12874,7 @@ "email": [ { "label": "Email", - "emailAddr": "GEHealthcareCVD@ge.com" + "emailAddr": "CVD@gehealthcare.com" } ], "contact": [], @@ -24513,5 +24513,400 @@ ] }, "country": "Taiwan" + }, + { + "shortName": "bizerba", + "cnaID": "CNA-2024-0083", + "organizationName": "Bizerba SE & Co. KG", + "scope": "Bizerba products only", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "security@bizerba.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://www.bizerba.com/int/en/family-owned-and-operated-company-since-1866/corporate-governance-acting-responsibly-globally/security-policy" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://www.bizerba.com/us/en/family-owned-and-operated-company-since-1866/corporate-governance-acting-responsibly-globally/bizerba-security-information" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor" + ] + }, + "country": "Germany" + }, + { + "shortName": "iManage", + "cnaID": "CNA-2024-0084", + "organizationName": "iManage LLC", + "scope": "iManage issues only", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "ProductVulnerability@imanage.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://docs.imanage.com/security/Vulnerability_Disclosure_Policy.html" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://docs.imanage.com/security/Security_Vulnerabilities.html" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor" + ] + }, + "country": "USA" + }, + { + "shortName": "Automox", + "cnaID": "CNA-2024-0085", + "organizationName": "Automox Inc.", + "scope": "All products created by Automox", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "disclosures@automox.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://www.automox.com/platform/security/responsible-disclosure" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://www.automox.com/platform/security/security-bulletin" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor", + "Hosted Service" + ] + }, + "country": "USA" + }, + { + "shortName": "Delinea", + "cnaID": "CNA-2024-0086", + "organizationName": "Delinea, Inc.", + "scope": "Vulnerabilities in Delinea products or services listed on delinea.com, or vulnerabilities in third-party products or services discovered by or reported to Delinea, unless covered by the scope of another CNA", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "security@delinea.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://trust.delinea.com/?itemUid=56583ca0-6561-4cf3-a150-8c0c45d214cf" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://trust.delinea.com/" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Vendor", + "Hosted Service", + "Researcher" + ] + }, + "country": "USA" + }, + { + "shortName": "CEP", + "cnaID": "CNA-2024-0087", + "organizationName": "CEPHEID", + "scope": "Cepheid products", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "productsecurity@cepheid.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://www.cepheid.com/en-US/legal/product-security.html" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://www.cepheid.com/en-US/legal/product-security/product-security-updates.html" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "icscert", + "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "CISA", + "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)" + }, + "type": [ + "Vendor" + ] + }, + "country": "USA" + }, + { + "shortName": "S21sec", + "cnaID": "CNA-2024-0088", + "organizationName": "S21sec Cyber Solutions by Thales", + "scope": "Vulnerabilities discovered by S21sec that are not within another CNA’s scope", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "cve-coordination@s21sec.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://www.s21sec.com/CVEdisclosurepolicy/" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://www.s21sec.com/CVElist/" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "n/a", + "organizationName": "n/a" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "mitre", + "organizationName": "MITRE Corporation" + }, + "type": [ + "Researcher" + ] + }, + "country": "Spain" + }, + { + "shortName": "Roche", + "cnaID": "CNA-2024-0089", + "organizationName": "Roche Diagnostics", + "scope": "Roche’s medical technology products", + "contact": [ + { + "email": [ + { + "label": "Email", + "emailAddr": "product.security@roche.com" + } + ], + "contact": [], + "form": [] + } + ], + "disclosurePolicy": [ + { + "label": "Policy", + "language": "", + "url": "https://diagnostics.roche.com/global/en/legal/vulnerability-and-incident-handling-policy.html" + } + ], + "securityAdvisories": { + "alerts": [], + "advisories": [ + { + "label": "Advisories", + "url": "https://diagnostics.roche.com/global/en/legal/product-security-advisory.html" + } + ] + }, + "resources": [], + "CNA": { + "isRoot": false, + "root": { + "shortName": "icscert", + "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)" + }, + "roles": [ + { + "helpText": "", + "role": "CNA" + } + ], + "TLR": { + "shortName": "CISA", + "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)" + }, + "type": [ + "Vendor" + ] + }, + "country": "Switzerland" } ] \ No newline at end of file diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json index 85fef2a4c..e16c8897a 100644 --- a/src/assets/data/metrics.json +++ b/src/assets/data/metrics.json @@ -1173,7 +1173,7 @@ }, { "month": "December", - "value": "4" + "value": "11" } ] }, diff --git a/src/assets/data/news.json b/src/assets/data/news.json index fce2f4e56..795020626 100644 --- a/src/assets/data/news.json +++ b/src/assets/data/news.json @@ -1,5 +1,195 @@ { "currentNews": [ + { + "id": 460, + "newsType": "news", + "title": "Roche Diagnostics Added as CVE Numbering Authority (CNA)", + "urlKeywords": "Roche Diagnostics Added as CNA", + "date": "2024-12-17", + "description": [ + { + "contentnewsType": "paragraph", + "content": "Roche Diagnostics is now a CVE Numbering Authority (CNA) for Roche’s medical technology products." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 432 CNAs (430 CNAs and 2 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Roche Diagnostics is the 10th CNA from Switzerland." + }, + { + "contentnewsType": "paragraph", + "content": "Roche Diagnostics’ Root is the Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) Root." + } + ] + }, + { + "id": 459, + "newsType": "news", + "title": "S21sec Cyber Solutions by Thales Added as CVE Numbering Authority (CNA)", + "urlKeywords": "S21sec Added as CNA", + "date": "2024-12-17", + "description": [ + { + "contentnewsType": "paragraph", + "content": "CS21sec Cyber Solutions by Thales is now a CVE Numbering Authority (CNA) for vulnerabilities discovered by S21sec that are not within another CNA’s scope." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 431 CNAs (429 CNAs and 2 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. CS21sec is the 7th CNA from Spain." + }, + { + "contentnewsType": "paragraph", + "content": "CS21sec’s Root is the MITRE Top-Level Root." + } + ] + }, + { + "id": 458, + "newsType": "news", + "title": "CEPHEID Added as CVE Numbering Authority (CNA)", + "urlKeywords": "CEPHEID Added as CNA", + "date": "2024-12-17", + "description": [ + { + "contentnewsType": "paragraph", + "content": "CEPHEID is now a CVE Numbering Authority (CNA) for Cepheid products." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 430 CNAs (428 CNAs and 2 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. CEPHEID is the 233rd CNA from USA." + }, + { + "contentnewsType": "paragraph", + "content": "CEPHEID’s Root is the Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS) Root." + } + ] + }, + { + "id": 457, + "newsType": "news", + "title": "Delinea Added as CVE Numbering Authority (CNA)", + "urlKeywords": "Delinea Added as CNA", + "date": "2024-12-17", + "description": [ + { + "contentnewsType": "paragraph", + "content": "Delinea, Inc. is now a CVE Numbering Authority (CNA) for vulnerabilities in Delinea products or services listed on delinea.com, or vulnerabilities in third-party products or services discovered by or reported to Delinea, unless covered by the scope of another CNA." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 429 CNAs (427 CNAs and 2 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Delinea is the 232nd CNA from USA." + }, + { + "contentnewsType": "paragraph", + "content": "Delinea’s Root is the MITRE Top-Level Root." + } + ] + }, + { + "id": 456, + "newsType": "news", + "title": "Automox Added as CVE Numbering Authority (CNA)", + "urlKeywords": "Automox Added as CNA", + "date": "2024-12-17", + "description": [ + { + "contentnewsType": "paragraph", + "content": "Automox Inc. is now a CVE Numbering Authority (CNA) for all products created by Automox." + }, + { + "contentnewsType": "paragraph", + "content": "To date, 428 CNAs (426 CNAs and 2 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Automox is the 231st CNA from USA." + }, + { + "contentnewsType": "paragraph", + "content": "Automox’s Root is the MITRE Top-Level Root." + } + ] + }, + { + "id": 455, + "newsType": "blog", + "title": "Vulnerability Data Enrichment for CVE Records: 233 CNAs on the Enrichment Recognition List for December 16, 2024", + "urlKeywords": "CNA Enrichment Recognition List Update", + "date": "2024-12-17", + "author": { + "name": "CVE Program", + "organization": { + "name": "CVE Program", + "url": "" + }, + "title": "", + "bio": "" + }, + "description": [ + { + "contentnewsType": "paragraph", + "content": "The “CNA Enrichment Recognition List” for December 16, 2024, is now available with 233 CNAs listed. Published every two weeks on the CVE website, the list recognizes those CVE Numbering Authorities (CNAs) that are actively providing enhanced vulnerability data in their CVE Records. CNAs are added to the list if they provide Common Vulnerability Scoring System (CVSS) and Common Weakness Enumeration (CWE™) information 98% of the time or more within the two-week period of their last published CVE Record." + }, + { + "contentnewsType": "paragraph", + "content": "For more about the recognition list, see “Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records.” To learn more about vulnerability information types like CVSS and CWE, see the CVE Record User Guide. View the most current CNA Enrichment Recognition List on the CVE website Metrics page here." + }, + { + "contentnewsType": "paragraph", + "content": "CNA Enrichment Recognition List for December 16, 2024, with 233 CNAs listed: " + } + ] + }, + { + "id": 454, + "displayOnHomepageOrder": 2, + "newsType": "blog", + "title": "CVE Program’s 25th Anniversary Is Main Topic of “Below the Surface” Podcast", + "urlKeywords": "CVE Below the Surface Podcast", + "date": "2024-12-17", + "author": { + "name": "CVE Program", + "organization": { + "name": "CVE Program", + "url": "" + }, + "title": "", + "bio": "" + }, + "description": [ + { + "contentnewsType": "paragraph", + "content": "The 25th anniversary of the Common Vulnerabilities and Exposures (CVE®) Program is the main topic of the “BTS #43 — CVE Turns 25” episode of Eclypsium’s “Below the Surface” podcast." + }, + { + "contentnewsType": "paragraph", + "content": "As noted on the Below the Surface episode’s web page, in the episode host Paul Asadoorian chats with CVE Program Lead Alec Summers and CVE Board member Lisa Olson about the “25th anniversary of the CVE Program, its evolution, and the importance of transparency in vulnerability management. They explore the history of CVE, the process of creating CVE Records, and the role of CNAs in ensuring accountability. The conversation also addresses challenges related to end-of-life software vulnerabilities and the need for maintaining the integrity of CVE Records in an ever-evolving cybersecurity landscape. In this conversation, the speakers discuss the complexities of managing and analyzing vulnerabilities in software, particularly focusing on the roles of CVE and CVSS in providing accurate and enriched data. They explore the challenges of combining vulnerabilities to assess cumulative risk, the importance of community engagement in improving CVE Records, and the evolving landscape of supply chain vulnerabilities. The discussion emphasizes the need for better data analysis methods, the significance of community involvement, and the ongoing efforts to enhance the quality and accessibility of vulnerability information.”" + }, + { + "contentnewsType": "image", + "imageWidth": "", + "href": "/news/BelowtheSurfacePodcastCVE.png", + "altText": "clypsium’s Below the Surface podcast | “CVE Turns 25 — BTS #43”", + "captionText": "“CVE Turns 25 — BTS #43” | From left to right: Paul Asidorian (host), Alec Summers, and Lisa Olson" + }, + { + "contentnewsType": "paragraph", + "content": "Listen to the full podcast episode here." + } + ] + }, + { + "id": 453, + "newsType": "news", + "title": "Minutes from CVE Board Teleconference Meeting on November 13 Now Available", + "urlKeywords": "CVE Board Minutes from November 13", + "date": "2024-12-17", + "description": [ + { + "contentnewsType": "paragraph", + "content": "The CVE Board held a teleconference meeting on November 13, 2024. Read the meeting minutes summary." + }, + { + "contentnewsType": "paragraph", + "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information." + } + ] + }, { "id": 452, "displayOnHomepageOrder": 1, @@ -159,7 +349,6 @@ }, { "id": 448, - "displayOnHomepageOrder": 2, "newsType": "blog", "title": "Registration Now Open for CVE/FIRST VulnCon 2025 on April 7-10, 2025!", "urlKeywords": "Registration Open for VulnCon 2025", diff --git a/src/components/cveRecordSearchModule.vue b/src/components/cveRecordSearchModule.vue index 5c69b2d54..4166b45aa 100644 --- a/src/components/cveRecordSearchModule.vue +++ b/src/components/cveRecordSearchModule.vue @@ -8,47 +8,19 @@ aria-labelledby="alertIconVariousFormts" aria-hidden="false" />
-

The CVE Test website has a new drop-down menu below.

-
    -
  1. -

    - Search Capability (Beta) Community testers – To beta-test the new search feature, select - “Search CVE List (Beta)” in the drop-down menu. The - production data is used and newly published data typically becomes searchable within less than - 30 minutes. - Access Search Tips - for more information on this new capability. -

    -

    - - Provide feedback on the new search capability - -

    - - . - . -

    -
    2. -
  2. - CNAs – to view your test data - (your draft records) select “Find a Test CVE Record/ID (Legacy)” in the drop-down menu and - provide a CVE ID to find a specific CVE Record. -
    3. -
+

+ CNAs – to view your test data + (your draft records) select “Find a Test CVE Record/ID (Legacy)” in the drop-down menu and + provide a CVE ID to find a specific CVE Record. +

-

@@ -98,15 +70,13 @@ let errorMessage = ref(''); let cveGenericGlobalsStore = useGenericGlobalsStore(); let cveRecordStore = usecveRecordStore(); -let searchType = ref('Search CVE List (Beta)'); +let searchType = ref('Search CVE List'); let cveId = cveRecordStore.cveId; -let showSearchHelpText = ref(false); - // this seems redundant, but it fixes an edge case. // if a user searches for a particular field, then on the results page flips the toggle, THEN refreshes without searching, this will keep the correct helper text showing. let searchTypeBoolean = computed(() => { - return searchType.value == 'Search CVE List (Beta)' ? true : false; + return searchType.value == 'Search CVE List' ? true : false; }); watch(searchType, () => { diff --git a/src/views/About/Metrics.vue b/src/views/About/Metrics.vue index 367b6d61b..4a148aca1 100644 --- a/src/views/About/Metrics.vue +++ b/src/views/About/Metrics.vue @@ -295,8 +295,8 @@

CNA Enrichment Recognition List

-

Last Updated:
- Total CNAs: 224

+

Last Updated:
+ Total CNAs: 233