Merge pull request #3069 from emote-tracking branch 'origin/content-rjr-3067' into test

ann-linh-mitre · ann-linh-mitre · commit 83267a9efe11 · 2024-09-10T16:22:23.000-04:00
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -1,5 +1,55 @@
 {
   "currentNews": [
+    {
+      "id": 405,
+      "newsType": "blog",
+      "title": "Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records",
+      "urlKeywords": "CNA Enrichment Recognition List",
+      "date": "2024-09-10",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Program now publishes a “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” every two weeks on the <a href='/About/Metrics'>Metrics</a> page on the CVE website to recognize <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively enriching their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> by adding <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;) </a> information."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<h3>Background</h3>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Getting more precise and quality vulnerability information in the hands of defenders and downstream customers on a timelier basis helps the cybersecurity community better address risks. Additional vulnerability-related information provides increased transparency, enables vulnerability root cause understanding, and helps prioritize vulnerability and incident response. Information standards and knowledge repositories like <a href='https://www.first.org/cvss/' target='_blank'>CVSS</a> and <a href='https://cwe.mitre.org/' target='_blank'>CWE</a>, among others, help provide a common language for this additional information."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "In April 2024, the CVE Program <a href='/Media/News/item/blog/2024/04/30/New-CVE-Record-Format-Enables-Additional-Data'>highlighted how its data format evolved</a> to better facilitate automation and data enrichment. This means that <a href='/ProgramOrganization/CNAs'>CNAs</a>, as the authoritative source of vulnerability information within their scopes, and those with access to the most reliable source for accurate determinations, can easily provide data enrichment directly to a CVE Record, as opposed to waiting for a third-party to do so in a less timely and potentially less accurate manner. As such, the CVE Program called on all CNAs to provide this enrichment to their CVE Records directly, and, in so doing, contribute more substantially to the vulnerability management process. Many CNAs answered that call."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "<h3>CNA Enrichment Recognition List</h3>"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "In recognition of CNAs providing enhanced vulnerability data in their CVE Records, the CVE Program will now publish a “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” every two weeks."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CNAs will be added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>CVSS</a> and <a href='https://cwe.mitre.org/' target='_blank'>CWE</a> information 98% of the time or more within the two-week period of their last published CVE Record. This being the first iteration of such a list, the criteria may be adjusted in the future. For more information about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "View the current CNA Enrichment Recognition List <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
+        }
+      ]
+    },
     {
       "id": 404,
       "newsType": "news",
diff --git a/src/views/About/Metrics.vue b/src/views/About/Metrics.vue
@@ -280,10 +280,10 @@
                   This means that
                   <router-link to="/ProgramOrganization/CNAs">CNAs</router-link>,
                   as the authoritative source of vulnerability information within their scope, and those with access to the most reliable
-                  source for accurate determinations, can easily provide data enrichment directly to CVE as opposed to waiting
+                  source for accurate determinations, can easily provide data enrichment directly to a CVE Record, as opposed to waiting
                   for a third-party to do so in a less timely and potentially less accurate manner. As such, the CVE Program called on all
-                  CNAs to provide this enrichment to CVE directly, and in so doing, contribute more substantially to the vulnerability
-                  management process. Many have answered that call.
+                  CNAs to provide this enrichment to their CVE Records directly, and, in so doing, contribute more substantially to the
+                  vulnerability management process. Many have answered that call.
                 </p>
                 <p>
                   In recognition of these CNAs, the CVE Program publishes this “CNA Enrichment Recognition List” every two weeks. Currently,
