1/14/25 release branch (#3411)

Author: rroberge

src/assets/data/CNAsList.json

@@ -2141,7 +2141,7 @@
     "shortName": "drupal",
     "cnaID": "CNA-2017-0002",
     "organizationName": "Drupal.org",
-    "scope": "All projects hosted under drupal.org only",
+    "scope": "All projects hosted under <a href='https://www.drupal.org' target='_blank'>drupal.org</a>, including End of Life (EOL) code",
     "contact": [
       {
         "email": [
@@ -24701,7 +24701,7 @@
         "email": [
           {
             "label": "Email",
-            "emailAddr": "security@delinea.com"
+            "emailAddr": "cve@delinea.com"
           }
         ],
         "contact": [],

src/assets/data/events.json

@@ -8,8 +8,8 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#CVEArtificialIntelligenceWorkingGroupCVEAIWG",
       "date": {
-        "start": "2024-10-15",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Monday",
           "recurrence": "biweekly"
@@ -51,8 +51,8 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#VulnerabilityConferenceandEventsWorkingGroupVCEWG",
       "date": {
-        "start": "2024-01-01",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Tuesday",
           "recurrence": "weekly"
@@ -184,8 +184,8 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#TacticalWorkingGroupTWG",
       "date": {
-        "start": "2024-01-01",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Thursday",
           "recurrence": "weekly"
@@ -373,7 +373,7 @@
         "end": "2024-12-31",
         "repeat": {
           "day": "Wednesday",
-          "recurrence": "weekly"
+          "recurrence": "biweekly"
         }
       }
     },
@@ -385,8 +385,8 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#AutomationWorkingGroupAWG",
       "date": {
-        "start": "2024-01-01",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Tuesday",
           "recurrence": "weekly"
@@ -401,8 +401,8 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#CNAOrganizationOfPeersCOOP",
       "date": {
-        "start": "2024-01-01",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Wednesday",
           "recurrence": "biweekly"
@@ -433,8 +433,8 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#QualityWorkingGroupQWG",
       "date": {
-        "start": "2024-01-01",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Thursday",
           "recurrence": "biweekly"
@@ -449,11 +449,11 @@
       "permission": "private",
       "url": "/ProgramOrganization/WorkingGroups#OutreachandCommunicationsWorkingGroupOCWG",
       "date": {
-        "start": "2024-01-01",
-        "end": "2024-12-31",
+        "start": "2025-01-01",
+        "end": "2025-12-31",
         "repeat": {
           "day": "Friday",
-          "recurrence": "weekly"
+          "recurrence": "biweekly"
         }
       }
     },

src/assets/data/news.json

@@ -1,5 +1,35 @@
 {
   "currentNews": [
+    {
+      "id": 467,
+      "newsType": "blog",
+      "title": "Vulnerability Data Enrichment for CVE Records: 236 CNAs on the Enrichment Recognition List for January 13, 2025",
+      "urlKeywords": "CNA Enrichment Recognition List Update",
+      "date": "2025-01-14",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for January 13, 2025, is now available with 236 CNAs listed. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the most current CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CNA Enrichment Recognition List for January 13, 2025, with 236 CNAs listed: <ul><li>9front Systems</li><li>Absolute Software</li><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>Advanced Micro Devices Inc.</li><li>AlgoSec</li><li>Alias Robotics S.L.</li><li>Amazon</li><li>AMI</li><li>AppCheck Ltd.</li><li>ARC Informatique</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Avaya Inc.</li><li>Axis Communications AB</li><li>Baicells Technologies Co., Ltd.</li><li>Baidu, Inc.</li><li>Baxter Healthcare</li><li>Becton, Dickinson and Company (BD)</li><li>BeyondTrust Inc.</li><li>Bitdefender</li><li>Black Duck Software, Inc.</li><li>BlackBerry</li><li>Brocade Communications Systems, Inc.</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Carrier Global Corporation</li><li>Cato Networks</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>Ciena Corporation</li><li>cirosec GmbH</li><li>Cisco Systems, Inc.</li><li>ClickHouse, Inc.</li><li>Cloudflare, Inc.</li><li>Concrete CMS</li><li>CyberArk Labs</li><li>CyberDanube</li><li>Dassault Systèmes</li><li>Delinea, Inc.</li><li>Dell EMC</li><li>Dfinity Foundation</li><li>DirectCyber</li><li>Docker Inc.</li><li>dotCMS LLC</li><li>Dragos, Inc.</li><li>Dutch Institute for Vulnerability Disclosure (DIVD)</li><li>Eaton</li><li>Eclipse Foundation</li><li>ELAN Microelectronics Corp.</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>ESET, spol. s r.o.</li><li>EU Agency for Cybersecurity (ENISA)</li><li>Exodus Intelligence</li><li>F5 Networks</li><li>Fedora Project (Infrastructure Software)</li><li>Flexera Software LLC</li><li>Fluid Attacks</li><li>Forcepoint</li><li>Forescout Technologies</li><li>ForgeRock, Inc.</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>Gallagher Group Ltd</li><li>GE Healthcare</li><li>Genetec Inc.</li><li>Gitea Limited</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>Google LLC</li><li>Grafana Labs</li><li>Gridware Cybersecurity</li><li>Hanwha Vision Co., Ltd.</li><li>HashiCorp Inc.</li><li>HCL Software</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hillstone Networks Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>HP Inc.</li><li>Huawei Technologies</li><li>HYPR Corp</li><li>ICS-CERT</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Intel Corporation</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>Jamf</li><li>JetBrains s.r.o.</li><li>JFROG</li><li>Johnson Controls</li><li>JPCERT/CC</li><li>Juniper Networks, Inc.</li><li>Kaspersky</li><li>KNIME AG</li><li>KrCERT/CC</li><li>Kubernetes</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>Logitech</li><li>M-Files Corporation</li><li>ManageEngine</li><li>Mattermost, Inc</li><li>Mautic</li><li>Microchip Technology</li><li>Microsoft Corporation</li><li>Milestone Systems A/S</li><li>Mitsubishi Electric Corporation</li><li>MongoDB</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre - Netherlands (NCSC-NL)</li><li>National Cyber Security Centre Finland</li><li>National Cyber Security Centre SK-CERT</li><li>National Instruments</li><li>NEC Corporation</li><li>Netflix, Inc.</li><li>Netskope</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Octopus Deploy</li><li>Okta</li><li>ONEKEY GmbH</li><li>Open Design Alliance</li><li>Open-Xchange</li><li>OpenAnolis</li><li>openEuler</li><li>OpenHarmony</li><li>OpenText (formerly Micro Focus)</li><li>OPPO</li><li>OTRS AG</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>Pandora FMS</li><li>PaperCut Software Pty Ltd</li><li>Patchstack OÜ</li><li>Payara</li><li>Pegasystems</li><li>Pentraze Cybersecurity</li><li>Perforce</li><li>PHP Group</li><li>Ping Identity Corporation</li><li>PlexTrac, Inc.</li><li>PostgreSQL</li><li>Progress Software Corporation</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>Python Software Foundation</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>rami.io GmbH</li><li>Rapid7, Inc.</li><li>Real-Time Innovations, Inc.</li><li>Robert Bosch GmbH</li><li>SailPoint Technologies</li><li>Samsung TV & Appliance</li><li>SAP SE</li><li>SBA Research gGmbH</li><li>Schneider Electric SE</li><li>Schweitzer Engineering Laboratories, Inc.</li><li>Secomea</li><li>Securin</li><li>Security Risk Advisors</li><li>ServiceNow</li><li>SHENZHEN CoolKit Technology CO., LTD.</li><li>SICK AG</li><li>Siemens</li><li>Silicon Labs</li><li>Snow Software</li><li>Snyk</li><li>SoftIron</li><li>SolarWinds</li><li>Sonatype Inc.</li><li>Sophos</li><li>Spanish National Cybersecurity Institute, S.A.</li><li>Splunk</li><li>STAR Labs SG Pte. Ltd.</li><li>Suse</li><li>Switzerland National Cyber Security Centre (NCSC)</li><li>Symantec - A Division of Broadcom</li><li>Synaptics</li><li>Synology Inc.</li><li>Talos</li><li>TeamViewer Germany GmbH</li><li>Teltonika Networks</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>Thales Group</li><li>The Document Foundation</li><li>The Missing Link Australia (TML)</li><li>The Tcpdump Group</li><li>TianoCore.org</li><li>Tigera</li><li>Toshiba Corporation</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>TWCERT/CC</li><li>TXOne Networks, Inc.</li><li>upKeeper Solutions</li><li>Vivo Mobile Communication Technology Co.,LTD.</li><li>VulDB</li><li>VulnCheck</li><li>VULSec Labs</li><li>WatchGuard Technologies, Inc.</li><li>Western Digital</li><li>Wiz, Inc.</li><li>Wordfence</li><li>Xerox Corporation</li><li>Xiaomi Technology Co Ltd</li><li>Yandex N.V.</li><li>Yokogawa Group</li><li>Yugabyte, Inc.</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
+        }
+      ]
+    },
     {
       "id": 466,
       "newsType": "blog",

src/views/About/Metrics.vue

@@ -293,13 +293,10 @@
                   their last published CVE Record. For more information about vulnerability information types like CVSS and CWE, see the
                   <router-link to="/CVERecord/UserGuide">CVE Record User Guide</router-link>.
                 </p>
-                <p>
-                  <span class="is-italic">NOTE: The next update of the “CNA Enrichment Recognition List” will be on January 13, 2025.</span>
-                </p>
               </div>
               <h3 class="title">CNA Enrichment Recognition List</h3>
-              <p class="cve-help-text"><span class="has-text-weight-bold">Last Updated: </span><time>December 16, 2024</time><br/>
-              <span class="has-text-weight-bold">Total CNAs: </span>233</p>
+              <p class="cve-help-text"><span class="has-text-weight-bold">Last Updated: </span><time>January 13, 2025</time><br/>
+              <span class="has-text-weight-bold">Total CNAs: </span>236</p>
               <div>
                 <ul>
                   <li>9front Systems</li>
@@ -308,23 +305,24 @@
                   <li>Adobe Systems Incorporated</li>
                   <li>Advanced Micro Devices Inc.</li>
                   <li>AlgoSec</li>
+                  <li>Alias Robotics S.L.</li>
                   <li>Amazon</li>
                   <li>AMI</li>
                   <li>AppCheck Ltd.</li>
                   <li>ARC Informatique</li>
-                  <li>Arista Networks, Inc.</li>
                   <li>Asea Brown Boveri Ltd.</li>
                   <li>ASR Microelectronics Co., Ltd.</li>
-                  <li>ASUSTeK Computer Incorporation</li>
                   <li>Autodesk</li>
                   <li>Automotive Security Research Group (ASRG)</li>
                   <li>Avaya Inc.</li>
                   <li>Axis Communications AB</li>
                   <li>Baicells Technologies Co., Ltd.</li>
                   <li>Baidu, Inc.</li>
                   <li>Baxter Healthcare</li>
+                  <li>Becton, Dickinson and Company (BD)</li>
                   <li>BeyondTrust Inc.</li>
                   <li>Bitdefender</li>
+                  <li>Black Duck Software, Inc.</li>
                   <li>BlackBerry</li>
                   <li>Brocade Communications Systems, Inc.</li>
                   <li>Canon EMEA</li>
@@ -345,6 +343,8 @@
                   <li>CyberArk Labs</li>
                   <li>CyberDanube</li>
                   <li>Dassault Systèmes</li>
+                  <li>Delinea, Inc.</li>
+                  <li>Dell EMC</li>
                   <li>Dfinity Foundation</li>
                   <li>DirectCyber</li>
                   <li>Docker Inc.</li>
@@ -394,9 +394,7 @@
                   <li>HP Inc.</li>
                   <li>Huawei Technologies</li>
                   <li>HYPR Corp</li>
-                  <li>IBM Corporation</li>
                   <li>ICS-CERT</li>
-                  <li>IDEMIA</li>
                   <li>Indian Computer Emergency Response Team (CERT-In)</li>
                   <li>Intel Corporation</li>
                   <li>Israel National Cyber Directorate</li>
@@ -405,6 +403,8 @@
                   <li>JetBrains s.r.o.</li>
                   <li>JFROG</li>
                   <li>Johnson Controls</li>
+                  <li>JPCERT/CC</li>
+                  <li>Juniper Networks, Inc.</li>
                   <li>Kaspersky</li>
                   <li>KNIME AG</li>
                   <li>KrCERT/CC</li>
@@ -426,6 +426,7 @@
                   <li>Moxa Inc.</li>
                   <li>N-able</li>
                   <li>National Cyber Security Centre - Netherlands (NCSC-NL)</li>
+                  <li>National Cyber Security Centre Finland</li>
                   <li>National Cyber Security Centre SK-CERT</li>
                   <li>National Instruments</li>
                   <li>NEC Corporation</li>
@@ -443,6 +444,7 @@
                   <li>openEuler</li>
                   <li>OpenHarmony</li>
                   <li>OpenText (formerly Micro Focus)</li>
+                  <li>OPPO</li>
                   <li>OTRS AG</li>
                   <li>Palantir Technologies</li>
                   <li>Palo Alto Networks</li>
@@ -465,13 +467,10 @@
                   <li>Python Software Foundation</li>
                   <li>QNAP Systems, Inc.</li>
                   <li>Qualcomm, Inc.</li>
-                  <li>Qualys, Inc.</li>
                   <li>rami.io GmbH</li>
                   <li>Rapid7, Inc.</li>
                   <li>Real-Time Innovations, Inc.</li>
-                  <li>Red Hat, Inc.</li>
                   <li>Robert Bosch GmbH</li>
-                  <li>Rockwell Automation</li>
                   <li>SailPoint Technologies</li>
                   <li>Samsung TV & Appliance</li>
                   <li>SAP SE</li>
@@ -488,6 +487,7 @@
                   <li>Silicon Labs</li>
                   <li>Snow Software</li>
                   <li>Snyk</li>
+                  <li>SoftIron</li>
                   <li>SolarWinds</li>
                   <li>Sonatype Inc.</li>
                   <li>Sophos</li>
@@ -496,6 +496,7 @@
                   <li>STAR Labs SG Pte. Ltd.</li>
                   <li>Suse</li>
                   <li>Switzerland National Cyber Security Centre (NCSC)</li>
+                  <li>Symantec - A Division of Broadcom</li>
                   <li>Synaptics</li>
                   <li>Synology Inc.</li>
                   <li>Talos</li>
@@ -507,14 +508,12 @@
                   <li>The Document Foundation</li>
                   <li>The Missing Link Australia (TML)</li>
                   <li>The Tcpdump Group</li>
-                  <li>The Wikimedia Foundation</li>
                   <li>TianoCore.org</li>
                   <li>Tigera</li>
                   <li>Toshiba Corporation</li>
                   <li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li>
-                  <li>Trellix</li>
-                  <li>Trend Micro, Inc.</li>
                   <li>TWCERT/CC</li>
+                  <li>TXOne Networks, Inc.</li>
                   <li>upKeeper Solutions</li>
                   <li>Vivo Mobile Communication Technology Co.,LTD.</li>
                   <li>VulDB</li>
@@ -533,6 +532,7 @@
                   <li>Zero Day Initiative</li>
                   <li>Zoom Video Communications, Inc.</li>
                   <li>Zscaler, Inc.</li>
+                  <li>ZTE Corporation</li>
                   <li>ZUSO Advanced Research Team (ZUSO ART)</li>
                   <li>Zyxel Corporation</li>
                 </ul>

src/views/ProgramOrganization/WorkingGroups.vue

@@ -421,15 +421,15 @@
                 </tr>
                 <tr>
                   <td data-label="Working Group" style="width: 55%">Outreach and Communications Working Group (OCWG)</td>
-                  <td data-label="Meeting Time">Every Friday 9:00am ET</td>
+                  <td data-label="Meeting Time">Every other Friday 9:00am ET</td>
                 </tr>
                 <tr>
                   <td data-label="Working Group" style="width: 55%">Quality Working Group (QWG)</td>
                   <td data-label="Meeting Time">Every other Thursday 4:00pm ET</td>
                 </tr>
                 <tr>
                   <td data-label="Working Group" style="width: 55%">Strategic Planning Working Group (SPWG)</td>
-                  <td data-label="Meeting Time">Every Wednesday 4:00pm ET</td>
+                  <td data-label="Meeting Time">Every other Wednesday 4:00pm ET</td>
                 </tr>
                 <tr>
                   <td data-label="Working Group" style="width: 55%">Tactical Working Group (TWG)</td>