2/24/26 release branch (#3859)

* #3853 Upate CVE Services page

* #3854 Fix bullet item code in section 3.2.6

* #3857 Update Metrics table 1 descriptive text

* #3858 News article @ Board Minutes from 1/21/26

* #3852 Add 1 new CNA

* #3857 text updates

* #3858 Add 1/21/26 minutes to Board Archive page

Author: rroberge

src/assets/data/CNAsList.json

@@ -28414,5 +28414,63 @@
       ]
     },
     "country": "Türkiye"
+  },
+  {
+    "shortName": "JupiterOne",
+    "cnaID": "CNA-2026-0011",
+    "organizationName": "JupiterOne, Inc.",
+    "scope": "All JupiterOne open source and commercial products.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@jupiterone.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.jupiterone.com/legal-and-security-hub"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://docs.jupiterone.io/release-notes/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "type": [
+        "Vendor",
+        "Hosted Service",
+        "Researcher"
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/boardMeetings.json

@@ -1,5 +1,9 @@
 {
   "2026": [
+    {
+      "name": "January 21, 2026 - teleconference",
+      "path": "msg00314.html"
+    },
     {
       "name": "January 7, 2026 - teleconference",
       "path": "msg00310.html"

src/assets/data/cnaRules.json

@@ -171,7 +171,7 @@
             "3.2.5.2 As noted in <a href='/ResourcesSupport/AllResources/CNARules#section_1-2_Adherence'>1.2.3.1</a>, serious or repeated failure to adhere to the CNA Operational Rules MUST be reviewed by the appropriate Root. The CVE Board MAY revoke CNA status.",
             "3.2.6 CVE ID Assignment and Vulnerability Disclosure",
             "The CVE Program itself does not follow or require a specific Vulnerability disclosure policy. CNAs and other CVE Program participants operate under a variety of Vulnerability disclosure policies. Some CNAs do not directly participate in Vulnerability disclosure. Common elements of a Vulnerability disclosure policy include:",
-            "<ul><li>Making reasonable attempts to notify Suppliers</li><li>Providing good-quality Vulnerability reports</li><li>Describing Vulnerability report intake processes</li><li>Describing bug bounty policies and processes, if applicable</li><li>Setting expectations for response times</li><li>Providing an embargo period during which the Vulnerability will not be Publicly Disclosed <li>while the Supplier develops a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryF'>Fix</a> or mitigation</li><li>Coordinating the Public Disclosure date</li><li>Publishing Vulnerability advisories</li></ul>",
+            "<ul><li>Making reasonable attempts to notify Suppliers</li><li>Providing good-quality Vulnerability reports</li><li>Describing Vulnerability report intake processes</li><li>Describing bug bounty policies and processes, if applicable</li><li>Setting expectations for response times</li><li>Providing an embargo period during which the Vulnerability will not be Publicly Disclosed while the Supplier develops a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryFix'>Fix</a> or mitigation</li><li>Coordinating the Public Disclosure date</li><li>Publishing Vulnerability advisories</li></ul>",
             "3.2.6.1 CNAs MUST publish guidance that describes how the CNA assigns CVE IDs and publishes CVE Records within the context of Vulnerability disclosure.",
             "3.2.6.2 CNAs MUST provide a URL to their CVE ID assignment and Vulnerability disclosure policies that will be included in the <a href='/PartnerInformation/ListofPartners'>List of Partners</a>.",
             "3.2.6.3 CNAs MAY require CVE ID assignment to be made using specific processes or mechanisms. Such processes or mechanisms MUST NOT conflict with the CNA Operational Rules.",

src/assets/data/metrics.json

@@ -1176,7 +1176,7 @@
         },
         {
           "month": "February",
-          "value": "4"
+          "value": "5"
         },
         {
           "month": "March",

src/assets/data/news.json

@@ -1,5 +1,43 @@
 {
   "currentNews": [
+    {
+      "id": 633,
+      "newsType": "news",
+      "title": "JupiterOne Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "JupiterOne Added as CNA",
+      "date": "2026-02-24",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/JupiterOne'>JupiterOne, Inc.</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all JupiterOne open source and commercial products."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>495 CNAs</a> (492 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>41 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. JupiterOne is the 266th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "JupiterOne’s Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 632,
+      "newsType": "news",
+      "title": "Minutes from CVE Board Teleconference Meeting on January 21 Now Available",
+      "urlKeywords": "CVE Board Minutes from January 21",
+      "date": "2026-02-24",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/ProgramOrganization/Board'>CVE Board</a> held a teleconference meeting on January 21, 2026. Read the <a href='https://www.mail-archive.com/cve-editorial-board-list@mitre.org/msg00314.html' target='_blank'>meeting minutes summary</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
+        }
+      ]
+    },
     {
       "id": 631,
       "newsType": "news",

src/views/About/Metrics.vue

@@ -10,14 +10,16 @@
               <h2 :id="cvenavs['About']['submenu']['Metrics']['items']['Published CVE Records']['anchorId']" class="title">
                 {{cvenavs['About']['submenu']['Metrics']['items']['Published CVE Records']['label']}}
               </h2>
-              <p>Comparison of published <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryRecord">CVE Records
-                </router-link> by quarter for all years from 1999 to present.
+              <p>
+              Comparison of published
+              <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryRecord">CVE Records</router-link>
+              by quarter for all years from 1999 to present.
               </p>
               <p class="cve-help-text">
-                A CVE Record contains descriptive data, (i.e., a brief description and at least one reference) about a
-                <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryVulnerability">vulnerability</router-link> associated with
-                a <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryCVEID">CVE ID</router-link>. CVE Records are published by
-                <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryCNA">CVE Numbering Authorities (CNAs)</router-link>.
+                This metrics table reflects a point-in-time snapshot of published CVE Records taken after the end of each quarter.
+                As the year progresses, prior quarters are recalculated to reflect any status changes (e.g., to remove rejected records),
+                with a final reconciliation performed at year-end to ensure accurate annual totals.
+                Previous years are not recalculated when a new year starts.
               </p>
               <div class="field is-grouped is-grouped-right">
                 <label class="label">Sort by:</label>
@@ -61,7 +63,8 @@
               </p>
               <p class="cve-help-text">
                 A “Reserved” CVE ID is the initial state for a <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryRecord">
-                CVE Record</router-link>; when the associated CVE ID is reserved by a CNA.
+                CVE Record</router-link>; when the associated CVE ID is reserved by a
+                <router-link to="/ResourcesSupport/Glossary?activeTerm=glossaryCNA">CVE Numbering Authority (CNA)</router-link>.
               </p>
               <div class="field is-grouped is-grouped-right">
                 <label class="label">Sort by:</label>

src/views/ResourcesSupport/AllResources/CveServices.vue

@@ -147,8 +147,8 @@
               <p>
                 For additional information, visit the
                 <a href="https://github.com/CVEProject/cve-schema" target="_blank">cve-schema repository</a>
-                 on GitHub or watch the “CVE JSON 5.x: Introduction/Guidance/Q&A (2022)”, “CVE JSON 5.x Guidance (2023),” and
-                “CVE JSON 5.0 Experiences (2023)” videos:
+                 on GitHub or watch the “CVE JSON 5.x: Introduction/Guidance/Q&A (2022)”, “CVE JSON 5.x Guidance (2023),”
+                “CVE JSON 5.0 Experiences (2023)”, “Software ID: CPE and PURL (2025)”, and “CVE Record Format Roadmap (2025)”, videos:
               </p>
               <figure class="image is3by2">
                 <iframe class="has-ratio" src="https://www.youtube.com/embed/YWZECqzRI7M" title="CVE JSON 5.x: Introduction/Tips/Guidance/Q&A (2022)"
@@ -165,12 +165,22 @@
                   allowfullscreen>dcEJ2t2jwhE
                 </iframe>
               </figure>
+              <figure class="image is3by2">
+                <iframe class="has-ratio" src="https://www.youtube.com/embed/p6nbl58iL28?si=s6hMkZBcMS9V_6EM" title="Software ID: CPE and PURL (2025)" frameborder="0"
+                  allowfullscreen>dcEJ2t2jwhE
+                </iframe>
+              </figure>
+              <figure class="image is3by2">
+                <iframe class="has-ratio" src="https://www.youtube.com/embed/17rHENEiUIE?si=oHCW0o2_w4_GyGyl" title="CVE Record Format Roadmap (2025)" frameborder="0"
+                  allowfullscreen>dcEJ2t2jwhE
+                </iframe>
+              </figure>
 
 
               <h4 class="title">Current Version of CVE Record Format Schema</h4>
               <p>
                 The current official version of the CVE Record Format Schema in CVE JSON is
-                <a href="https://github.com/CVEProject/cve-schema/releases/tag/v5.1.1" target="_blank">Version 5.1.1</a>.
+                <a href="https://github.com/CVEProject/cve-schema/releases/tag/v5.2.0" target="_blank">Version 5.2.0</a>.
               </p>
               <p>
                 A single schema file with bundled dependencies is available in the
@@ -211,6 +221,7 @@
                 To obtain CVE Services Organizational Administrator (OA) credentials, CNAs should contact their Root
                 (<router-link to="/PartnerInformation/ListofPartners/partner/icscert">CISA ICS</router-link>,
                 <router-link to="/PartnerInformation/ListofPartners/partner/CERTVDE">CERT@VDE</router-link>,
+                <router-link to='/PartnerInformation/ListofPartners/partner/ENISA'>ENISA</router-link>,
                 <router-link to="/PartnerInformation/ListofPartners/partner/Google">Google</router-link>,
                 <router-link to="/PartnerInformation/ListofPartners/partner/INCIBE">INCIBE</router-link>,
                 <router-link to="/PartnerInformation/ListofPartners/partner/jpcert">JPCERT/CC</router-link>,
@@ -642,7 +653,7 @@
               <ul>
                 <li>
                   <a href="https://github.com/CVEProject/cve-schema/releases" target="_blank">
-                    CVE JSON 5.1.1 Schema (Current Version)
+                    CVE JSON Schema (Current Version)
                   </a>
                 </li>
                 <li>
@@ -671,6 +682,10 @@
               </ul>
               <p>Other helpful resources:</p>
               <ul>
+                <li>
+                  <a href="https://www.youtube.com/playlist?list=PLWfD9RQVdJ6dT8VZntG-DsK7c34rNNMMv" target="_blank">
+                  CVE Program CNA Workshop 2025 (12 Videos)</a>
+                </li>
                 <li>
                   <a href="https://www.youtube.com/playlist?list=PLWfD9RQVdJ6c4D_PAvO9hgtQSDTD2epOo" target="_blank">
                   CVE Program CNA Workshop 2024 (15 Videos)</a>