3/3/26 release branch (#3865)

* #3863 Update Related Efforts page

* #3862 "CNA Enrichment Recognition List" updates for 3/2/26 list

* #3861 Add 1 new CNA

* #3864 Add 1 Blog @ Q4 CY25 Program Summary Report

* #3861 Add 2 new CNAs

* prevent Partner List table width from expanding when displaying ALL partners

---------

Co-authored-by: Roy Lane <rlane@mitre.org>

Author: rroberge

public/images/news/cveProgramReport/reservedCVEIDspublishedCVERecordsQuarterlyTrendQ4CY2025.png

@@ -28472,5 +28472,117 @@
       ]
     },
     "country": "USA"
+  },
+  {
+    "shortName": "cygence",
+    "cnaID": "CNA-2026-0012",
+    "organizationName": "Cygence Pty Ltd",
+    "scope": "Issues in third-party products identified by, or reported, to Cygence, unless covered by the scope of another CNA.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "cve@cygence.com.au"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.cygence.com.au/disclosure-policy"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.cygence.com.au/vulnerability-disclosures"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "type": [
+        "Researcher"
+      ]
+    },
+    "country": "Australia"
+  },
+  {
+    "shortName": "TuranSec",
+    "cnaID": "CNA-2026-0013",
+    "organizationName": "Turan Security",
+    "scope": "Vulnerabilities discovered through independent research conducted by TuranSec to products and projects that are not CNAs themselves.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@turansec.uz"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://cve.turansec.uz/disclosure"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://cve.turansec.uz/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "redhat",
+        "organizationName": "Red Hat, Inc."
+      },
+      "type": [
+        "Researcher"
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "Uzbekistan"
   }
 ]

src/assets/data/CNAsList.json

@@ -1180,7 +1180,7 @@
         },
         {
           "month": "March",
-          "value": "TBA"
+          "value": "2"
         },
         {
           "month": "April",

src/assets/data/metrics.json

@@ -587,4 +587,16 @@ label {
 
 /* Other ends here*/
 
+// This is used to break long URLs so the "Scope" column of the Partner List
+// table doesn't expand and in turn cause the table width to go beyond the
+// parent's (DIV) width.  That also causes a horizontal scroll bar to show up.
+// The CSS has to be in global scope because the link (embedded in the scope
+// text in CNAsList.json) is added via "v-html" and Vue doesn't add the scope
+// tag to the "a" element in that case, so a scoped CSS won't apply.
+
+.partner_scope > a {
+  word-break: break-all;
+  display: inline-block;
+}
+
 /* Third party CSS */

src/assets/data/news.json

@@ -334,15 +334,16 @@
                 </p>
               </div>
               <h3 class="title">CNA Enrichment Recognition List</h3>
-              <p class="cve-help-text"><span class="has-text-weight-bold">Last Updated: </span><time>February 2, 2026</time><br/>
-              <span class="has-text-weight-bold">Total CNAs: </span>256</p>
+              <p class="cve-help-text"><span class="has-text-weight-bold">Last Updated: </span><time>March 2, 2026</time><br/>
+              <span class="has-text-weight-bold">Total CNAs: </span>259</p>
               <div>
                 <ul>
                   <li>Acronis International GmbH</li>
                   <li>Adobe Systems Incorporated</li>
                   <li>Advanced Micro Devices Inc.</li>
                   <li>Airbus</li>
                   <li>AlgoSec</li>
+                  <li>Alibaba, Inc.</li>
                   <li>Altera</li>
                   <li>Altium</li>
                   <li>Amazon</li>
@@ -361,36 +362,34 @@
                   <li>Axis Communications AB</li>
                   <li>AxxonSoft Limited</li>
                   <li>Azure Access Technology</li>
+                  <li>BeyondTrust Inc.</li>
                   <li>Bitdefender</li>
                   <li>Bizerba SE & Co. KG</li>
                   <li>Black Duck Software, Inc.</li>
                   <li>Black Lantern Security</li>
                   <li>BlackBerry</li>
+                  <li>Brocade Communications Systems LLC, a Broadcom Company</li>
                   <li>Bugcrowd Inc.</li>
                   <li>CA Technologies</li>
                   <li>Canon EMEA</li>
                   <li>Canon Inc.</li>
                   <li>Canonical Ltd.</li>
                   <li>Carrier Global Corporation</li>
-                  <li>Centreon</li>
                   <li>CERT.PL</li>
                   <li>CERT@VDE</li>
                   <li>Check Point Software Technologies Ltd.</li>
                   <li>Checkmarx</li>
                   <li>Checkmk GmbH</li>
                   <li>Cisco Systems, Inc.</li>
                   <li>Citrix Systems, Inc.</li>
-                  <li>Cloudflare, Inc.</li>
                   <li>Commvault Systems Inc</li>
-                  <li>Concrete CMS</li>
                   <li>ConnectWise LLC</li>
+                  <li>Crafter CMS</li>
                   <li>Crestron Electronics, Inc.</li>
                   <li>CrowdStrike Holdings, Inc.</li>
-                  <li>CyberArk Labs</li>
                   <li>CyberDanube</li>
                   <li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li>
                   <li>Dahua Technologies</li>
-                  <li>Danfoss</li>
                   <li>Dassault Systèmes</li>
                   <li>Delinea, Inc.</li>
                   <li>Dell EMC</li>
@@ -407,10 +406,8 @@
                   <li>Ericsson</li>
                   <li>Erlang Ecosystem Foundation</li>
                   <li>ESET, spol. s r.o.</li>
-                  <li>EU Agency for Cybersecurity (ENISA)</li>
                   <li>Extreme Networks, Inc.</li>
                   <li>F5 Networks</li>
-                  <li>Fedora Project (Infrastructure Software)</li>
                   <li>Fermax Technologies SLU</li>
                   <li>Financial Security Institute (FSI)</li>
                   <li>Flexera Software LLC</li>
@@ -420,7 +417,6 @@
                   <li>Fortra, LLC</li>
                   <li>Foxit Software Incorporated</li>
                   <li>Gallagher Group Ltd</li>
-                  <li>GE Vernova</li>
                   <li>Genetec Inc.</li>
                   <li>GitHub (maintainer security advisories)</li>
                   <li>GitHub Inc, (Products Only)</li>
@@ -429,25 +425,30 @@
                   <li>Google Cloud</li>
                   <li>Google LLC</li>
                   <li>Gridware Cybersecurity</li>
+                  <li>Hackrate Kft.</li>
+                  <li>HackRTU</li>
                   <li>Hallo Welt! GmbH</li>
                   <li>Hanwha Vision Co., Ltd.</li>
                   <li>Harborist</li>
                   <li>HashiCorp Inc.</li>
                   <li>HeroDevs</li>
                   <li>HiddenLayer, Inc.</li>
+                  <li>Hillstone Networks Inc.</li>
                   <li>Hitachi Energy</li>
                   <li>Hitachi Vantara</li>
                   <li>Hitachi, Ltd.</li>
                   <li>Honeywell International Inc.</li>
                   <li>Honor Device Co., Ltd.</li>
                   <li>HP Inc.</li>
+                  <li>Huawei Technologies</li>
                   <li>HYPR Corp</li>
                   <li>IBM Corporation</li>
                   <li>ICS-CERT</li>
                   <li>Indian Computer Emergency Response Team (CERT-In)</li>
                   <li>Insyde Software</li>
                   <li>Intel Corporation</li>
                   <li>Internet Systems Consortium (ISC)</li>
+                  <li>Intigriti</li>
                   <li>Israel National Cyber Directorate</li>
                   <li>Ivanti</li>
                   <li>Jamf</li>
@@ -459,6 +460,7 @@
                   <li>Juniper Networks, Inc.</li>
                   <li>Kaspersky</li>
                   <li>KNIME AG</li>
+                  <li>KrakenD, S.L.</li>
                   <li>KrCERT/CC</li>
                   <li>Kubernetes</li>
                   <li>Larry Cashdollar</li>
@@ -493,20 +495,21 @@
                   <li>OMRON Corporation</li>
                   <li>ONEKEY GmbH</li>
                   <li>Open Design Alliance</li>
-                  <li>Open-Xchange</li>
-                  <li>OpenHarmony</li>
                   <li>OpenJS Foundation</li>
                   <li>OpenText (formerly Micro Focus)</li>
                   <li>OpenVPN Inc.</li>
                   <li>OPPO</li>
                   <li>Palantir Technologies</li>
-                  <li>Palo Alto Networks</li>
                   <li>Panasonic Holdings Corporation</li>
                   <li>PaperCut Software Pty Ltd</li>
+                  <li>Payara</li>
                   <li>Pegasystems</li>
+                  <li>Pentraze Cybersecurity</li>
                   <li>PHP Group</li>
                   <li>Ping Identity Corporation</li>
+                  <li>PostgreSQL</li>
                   <li>Progress Software Corporation</li>
+                  <li>Project Black</li>
                   <li>Proofpoint Inc.</li>
                   <li>Protect AI</li>
                   <li>Pure Storage, Inc.</li>
@@ -521,10 +524,10 @@
                   <li>Red Hat, Inc.</li>
                   <li>Ribose Limited</li>
                   <li>Robert Bosch GmbH</li>
-                  <li>Roche Diagnostics</li>
                   <li>Rockwell Automation</li>
                   <li>S21sec Cyber Solutions by Thales</li>
                   <li>SailPoint Technologies</li>
+                  <li>Samsung TV & Appliance</li>
                   <li>SAP SE</li>
                   <li>Schneider Electric SE</li>
                   <li>Seagate Technology</li>
@@ -540,15 +543,16 @@
                   <li>Solidigm</li>
                   <li>Sonatype Inc.</li>
                   <li>Sophos</li>
-                  <li>StrongDM</li>
-                  <li>Super Micro Computer, Inc.</li>
+                  <li>Spanish National Cybersecurity Institute, S.A.</li>
+                  <li>Spartans Security</li>
                   <li>Suse</li>
                   <li>Switzerland National Cyber Security Centre (NCSC)</li>
                   <li>Symantec - A Division of Broadcom</li>
                   <li>Synaptics</li>
                   <li>Synology Inc.</li>
                   <li>Talos</li>
                   <li>Tanium Inc.</li>
+                  <li>TCS-CERT </li>
                   <li>TeamViewer Germany GmbH</li>
                   <li>Temporal Technologies Inc.</li>
                   <li>Tenable Network Security, Inc.</li>
@@ -561,29 +565,28 @@
                   <li>The Qt Company</li>
                   <li>The Rust Project</li>
                   <li>The Tcpdump Group</li>
-                  <li>The Wikimedia Foundation</li>
                   <li>TianoCore.org</li>
                   <li>TIBCO Software Inc.</li>
                   <li>Toreon</li>
                   <li>TP-Link Systems Inc.</li>
                   <li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li>
+                  <li>Trellix</li>
                   <li>Trend Micro, Inc.</li>
                   <li>TWCERT/CC</li>
                   <li>TYPO3 Association</li>
                   <li>upKeeper Solutions</li>
                   <li>Vaadin Ltd.</li>
-                  <li>VMware</li>
+                  <li>Vivo Mobile Communication Technology Co., LTD.</li>
                   <li>VulDB</li>
-                  <li>VulnCheck</li>
                   <li>WatchGuard Technologies, Inc.</li>
                   <li>Western Digital</li>
                   <li>Wind River Systems Inc.</li>
                   <li>Wiz, Inc.</li>
                   <li>wolfSSL Inc.</li>
                   <li>Wordfence</li>
-                  <li>WSO2 LLC</li>
                   <li>Xerox Corporation</li>
                   <li>Yandex N.V.</li>
+                  <li>Yokogawa Group</li>
                   <li>Yugabyte, Inc.</li>
                   <li>Zabbix</li>
                   <li>Zephyr Project</li>

src/assets/style/globals.scss

@@ -82,19 +82,13 @@
               Weaknesses in software and hardware may become exploitable vulnerabilities if not eliminated prior to software or hardware deployment.
             </p>
             <p>
-              The CWE Program also has special interest groups (SIGs) and working groups (WGs) for community participation, including the
+              The CWE Program also has special interest groups (SIGs) and working groups (WGs) for community participation, such as the
               <a href="https://cwe.mitre.org/community/working_groups.html#ai_wg" target="_blank">
                 Artificial Intelligence Working Group (AI WG)
-              </a>,
+              </a>
+              and
               <a href="https://cwe.mitre.org/community/working_groups.html#hw_sig" target="_blank">
                 Hardware CWE Special Interest Group (HW CWE SIG)
-              </a>,
-              <a href="https://cwe.mitre.org/community/working_groups.html#rcm_wg" target="_blank">
-                Root Cause Mapping Working Group (RCM WG)
-              </a>,
-              and
-              <a href="https://cwe.mitre.org/community/working_groups.html#ue_wg" target="_blank">
-                CWE User Experience Working Group (UEWG)
               </a>.
             </p>
 

src/views/About/Metrics.vue

@@ -179,7 +179,7 @@
                       {{CNA.organizationName}}
                     </router-link>
                   </th>
-                  <td data-label="Scope" v-html="CNA.scope"></td>
+                  <td class="partner_scope" data-label="Scope" v-html="CNA.scope"></td>
                   <td data-label="Program Role">
                     <span v-for="(role, index) in CNA.CNA.roles" :key="role+index">
                       {{role.role}}{{index  == CNA.CNA.roles.length-1 ? '' : ', '}}
@@ -191,7 +191,8 @@
               </tbody>
             </table>
             <p class="mb-2 cve-help-text">* Self-identified by CNA</p>
-            <nav class="pagination is-centered" aria-label="pagination">
+            <nav v-if="showPartnersCount !== 'All'"
+              class="pagination is-centered" aria-label="pagination">
               <button class="pagination-previous button cve-button cve-button-outline"
                 :class="{'disabled': pagination.currentPage > 1 ? false : true}" :aria-disabled="pagination.currentPage > 1 ? false : true"
                 @click=getPreviousPage>