Merge pull request #3134 from branch 'origin/main' into dev

Author: alinh-mitre

public/images/news/cveProgramReport/reservedCVEIDspublishedCVERecordsQuarterlyTrendQ2CY2024.png

@@ -8460,16 +8460,16 @@
     "country": "Taiwan"
   },
   {
-    "shortName": "SNPS",
+    "shortName": "BlackDuck",
     "cnaID": "CNA-2021-0013",
-    "organizationName": "Synopsys",
-    "scope": "All Synopsys SIG products, as well as vulnerabilities in third-party software discovered by Synopsys SIG that are not in another CNA’s scope",
+    "organizationName": "Black Duck Software, Inc.",
+    "scope": "All Black Duck (formerly Synopsys Software Integrity Group) products, as well as vulnerabilities in third-party software discovered by Black Duck that are not in another CNA’s scope",
     "contact": [
       {
         "email": [
           {
             "label": "Email",
-            "emailAddr": "psirt@synopsys.com"
+            "emailAddr": "psirt@blackduck.com"
           }
         ],
         "contact": [],
@@ -8480,15 +8480,15 @@
       {
         "label": "Policy",
         "language": "",
-        "url": "https://www.synopsys.com/company/legal/vulnerability-disclosure-policy.html"
+        "url": "https://www.blackduck.com/company/legal/vulnerability-disclosure-policy.html"
       }
     ],
     "securityAdvisories": {
       "alerts": [],
       "advisories": [
         {
           "label": "Advisories",
-          "url": "https://www.synopsys.com/blogs/software-security/"
+          "url": "https://www.blackduck.com/blog/category.cyrc.html#1"
         }
       ]
     },
@@ -21606,7 +21606,7 @@
     "country": "USA"
   },
   {
-    "shortName": "GitHub, Inc.",
+    "shortName": "OS-S",
     "cnaID": "CNA-2024-0031",
     "organizationName": "OpenSource Security GmbH",
     "scope": "Vulnerabilities discovered by or reported to OpenSource Security, unless covered by another CNA’s scope",
@@ -23479,5 +23479,229 @@
       ]
     },
     "country": "Taiwan"
+  },
+  {
+    "shortName": "Pall",
+    "cnaID": "CNA-2024-0065",
+    "organizationName": "Pall Corporation",
+    "scope": "Pall branded products only",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "productsecurity@pall.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.pall.com/en/about-pall/product-security-cvd.html"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.pall.com/en/about-pall/product-security-cvd/known-vulnerabilities.html"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "MyMMT",
+    "cnaID": "CNA-2024-0066",
+    "organizationName": "Mammotome",
+    "scope": "All Mammotome products",
+    "contact": [
+      {
+        "email": [],
+        "contact": [
+          {
+            "label": "Mammotome Report a Vulnerability page",
+            "url": "https://www.mammotome.com/us/en/legal/product-security/report-a-security-vulnerability"
+          }
+        ],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.mammotome.com/us/en/legal/product-security/product-security-overview"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.mammotome.com/us/en/legal/product-security/product-security-updates"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "wikimedia-foundation",
+    "cnaID": "CNA-2024-0067",
+    "organizationName": "The Wikimedia Foundation",
+    "scope": "Any code repository hosted under <a href='https://gerrit.wikimedia.org' target='_blank'>gerrit.wikimedia.org</a>, <a href='https://gitlab.wikimedia.org' target='_blank'>gitlab.wikimedia.org</a>, or <a href='https://github.com/wikimedia' target='_blank'>github.com/wikimedia</a> that is not labeled as archived or marked as a fork of an upstream project. Please see our <a href='https://www.mediawiki.org/wiki/Reporting_security_bugs' target='_blank'>disclosure policy</a> for additional exclusions to scope",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@wikimedia.org"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.mediawiki.org/wiki/Reporting_security_bugs"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://gitlab.wikimedia.org/repos/security/wikimedia-cve-assignments"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Open Source"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "RTI",
+    "cnaID": "CNA-2024-0068",
+    "organizationName": "Real-Time Innovations, Inc.",
+    "scope": "All RTI Connext products, including EOL products. See <a href='https://www.rti.com/products' target='_blank'>https://www.rti.com/products</a> for more information",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@rti.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/#rti-s-approach-to-vulnerability-detection-and-management"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://community.rti.com/static/documentation/connext-dds/current/doc/vulnerabilities/#"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/CNAsList.json

@@ -43,8 +43,8 @@
       "familyName": "Cox",
       "firstName": "William",
       "imageURL": "",
-      "organization": "Synopsys, Inc.",
-      "organizationURL": "https://www.synopsys.com/",
+      "organization": "Black Duck Software, Inc.",
+      "organizationURL": "https://www.blackduck.com/",
       "role": "Board"
     },
     {

src/assets/data/currentBoardMembersList.json

@@ -2,23 +2,10 @@
   "currentEvents": [
     {
       "id": 34,
-      "title": "CVE/FIRST VulnCon 2025",
-      "location": "Raleigh, North Carolina, USA & Virtual",
-      "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/> <strong>Call for Papers</strong>:<br/>TBA<br/><br/><strong>Registration</strong>:<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/>Registration will open in November 2024.<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
-      "permission": "public",
-      "url": "https://www.first.org/conference/vulncon2025/",
-      "date": {
-        "start": "2025-04-07",
-        "end": "2025-04-10",
-        "repeat": false
-      }
-    },
-    {
-      "id": 33,
       "displayOnHomepageOrder": 1,
       "title": "CVE Program Workshop – Autumn 2024",
       "location": "Virtual",
-      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days. Additional Details: TBA<br/><br/>Workshop “save the date” sent September 5, 2024.",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Workshop “save the date” announcement, with expected topics and other details, sent to partners on September 19, 2024.",
       "permission": "private",
       "url": "",
       "date": {
@@ -27,6 +14,20 @@
         "repeat": false
       }
     },
+    {
+      "id": 33,
+      "displayOnHomepageOrder": 2,
+      "title": "CVE/FIRST VulnCon 2025",
+      "location": "Raleigh, North Carolina, USA & Virtual",
+      "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/> <strong>Call for Papers</strong>:<br/>TBA<br/><br/><strong>Registration</strong>:<br/>Registration will open in November 2024.<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
+      "permission": "public",
+      "url": "https://www.first.org/conference/vulncon2025/",
+      "date": {
+        "start": "2025-04-07",
+        "end": "2025-04-10",
+        "repeat": false
+      }
+    },
     {
       "id": 32,
       "title": "Vulnerability Conference and Events Working Group (VCEWG)",

src/assets/data/events.json

@@ -104,7 +104,7 @@
 				"questionId": "cve_nvd_relationship",
 				"questionText": "What is the relationship between CVE and the NVD (U.S. National Vulnerability Database)",
 				"questionResponseParagraphs": [
-					"<a href='/'>CVE</a> and <a href='https://nvd.nist.gov/' target='_blank'>NVD</a> are two separate programs. The CVE List was launched by the MITRE Corporation as a community effort in 1999. The U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST) in 2005. While separate, output from both programs is available to the public and free to use."
+					"<a href='/'>CVE</a> and <a href='https://nvd.nist.gov/' target='_blank'>NVD</a> are two separate programs. The CVE List was launched by the MITRE Corporation as a community effort in 1999. The U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST) in 2005. The CVE List feeds NVD, which historically has built upon the information included in CVE Records to provide enhanced information for each record in its database. While separate, output from both programs is available to the public and free to use."
 				]
 			}
 		]

src/assets/data/faqs.json

@@ -9,7 +9,7 @@
         },
         {
           "quarter": "2",
-          "value": "TBA"
+          "value": "11,716"
         },
         {
           "quarter": "3",
@@ -553,7 +553,7 @@
       "data": [
         {
           "quarter": "all",
-          "value": "13,499"
+          "value": "26,028"
         }
       ]
     },
@@ -1161,11 +1161,11 @@
         },
         {
           "month": "September",
-          "value": "7"
+          "value": "8"
         },
         {
           "month": "October",
-          "value": "TBA"
+          "value": "3"
         },
         {
           "month": "November",