Merge pull request #3109 from CVEProject/test

update main with Test

Author: alinh-mitre

src/assets/data/CNAsList.json

@@ -23479,5 +23479,61 @@
       ]
     },
     "country": "Taiwan"
+  },
+  {
+    "shortName": "Pall",
+    "cnaID": "CNA-2024-0065",
+    "organizationName": "Pall Corporation",
+    "scope": "Pall branded products only",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "productsecurity@pall.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.pall.com/en/about-pall/product-security-cvd.html"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.pall.com/en/about-pall/product-security-cvd/known-vulnerabilities.html"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "type": [
+        "Vendor"
+      ]
+    },
+    "country": "USA"
   }
 ]

src/assets/data/events.json

@@ -1,11 +1,25 @@
 {
   "currentEvents": [
     {
-      "id": 33,
+      "id": 34,
       "displayOnHomepageOrder": 1,
+      "title": "CVE Program Workshop – Autumn 2024",
+      "location": "Virtual",
+      "description": "A collaborative virtual community event of CVE Partners focused on improving CVE.<br/><br/>Event Time: 10:00 AM to 2:00 PM EDT both days.<br/><br/>Workshop “save the date” announcement, with expected topics and other details, sent to partners on September 19, 2024.",
+      "permission": "private",
+      "url": "",
+      "date": {
+        "start": "2024-10-29",
+        "end": "2024-10-30",
+        "repeat": false
+      }
+    },
+    {
+      "id": 33,
+      "displayOnHomepageOrder": 2,
       "title": "CVE/FIRST VulnCon 2025",
       "location": "Raleigh, North Carolina, USA & Virtual",
-      "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/> <strong>Call for Papers</strong>:<br/>TBA<br/><br/><strong>Registration</strong>:<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/>Registration will open in November 2024.<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
+      "description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/> <strong>Call for Papers</strong>:<br/>TBA<br/><br/><strong>Registration</strong>:<br/>Registration will open in November 2024.<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
       "permission": "public",
       "url": "https://www.first.org/conference/vulncon2025/",
       "date": {

src/assets/data/faqs.json

@@ -104,7 +104,7 @@
 				"questionId": "cve_nvd_relationship",
 				"questionText": "What is the relationship between CVE and the NVD (U.S. National Vulnerability Database)",
 				"questionResponseParagraphs": [
-					"<a href='/'>CVE</a> and <a href='https://nvd.nist.gov/' target='_blank'>NVD</a> are two separate programs. The CVE List was launched by the MITRE Corporation as a community effort in 1999. The U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST) in 2005. While separate, output from both programs is available to the public and free to use."
+					"<a href='/'>CVE</a> and <a href='https://nvd.nist.gov/' target='_blank'>NVD</a> are two separate programs. The CVE List was launched by the MITRE Corporation as a community effort in 1999. The U.S. National Vulnerability Database (NVD) was launched by the National Institute of Standards and Technology (NIST) in 2005. The CVE List feeds NVD, which historically has built upon the information included in CVE Records to provide enhanced information for each record in its database. While separate, output from both programs is available to the public and free to use."
 				]
 			}
 		]

src/assets/data/metrics.json

@@ -1161,7 +1161,7 @@
         },
         {
           "month": "September",
-          "value": "7"
+          "value": "8"
         },
         {
           "month": "October",

src/assets/data/news.json

@@ -1,5 +1,56 @@
 {
   "currentNews": [
+    {
+      "id": 412,
+      "newsType": "blog",
+      "title": "Vulnerability Data Enrichment for CVE Records: CNA Recognition List, September 23, 2024",
+      "urlKeywords": "CNA Enrichment Recognition List Update",
+      "date": "2024-09-24",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for September 23, 2024, is now available. Published every two weeks on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information 98% of the time or more within the two-week period of their last published CVE Record."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "View the CNA Enrichment Recognition List <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
+        }
+      ]
+    },
+    {
+      "id": 411,
+      "newsType": "news",
+      "title": "Pall Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Pall Added as CNA",
+      "date": "2024-09-24",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/Pall'>Pall Corporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for Pall branded products only."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>408 CNAs</a> (406 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Pall is the 220th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Pall’s Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a>."
+        }
+      ]
+    },
     {
       "id": 410,
       "newsType": "news",
@@ -9,7 +60,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "<a href='/PartnerInformation/ListofPartners/partner/ASUS'>ASUSTeK Computer Incorporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for ASUS issues only."
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/ASUS'>ASUSTeK Computer Incorporation</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for ASUS issues only. Read the ASUS news release: “<a href='https://press.asus.com/news/press-releases/asus-cve-authority-product-security/' target='_blank'>ASUS Authorized by the CVE Program as a CVE Numbering Authority (CNA)</a>.”"
         },
         {
           "contentnewsType": "paragraph",
@@ -81,7 +132,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "The <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> will co-host <i><a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon 2025</a></i> at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025. The call for papers, and virtual and in-person registration options, are TBA."
+          "content": "The <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> will co-host <i><a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon 2025</a></i> at the McKimmon Center in Raleigh, North Carolina, USA, on April 7-10, 2025. Registration, both virtual and in-person, will open in November 2024."
         },
         {
           "contentnewsType": "image",
@@ -104,11 +155,11 @@
         },
         {
           "contentnewsType": "paragraph",
-          "content": "We have an action-packed docket of dynamic speakers and cross-industry topics that we feel will accelerate collaboration within the vulnerability management and standards/frameworks space! This will be a must-see event for anyone involved in researching, reporting, triaging, mitigating, and communicating about security vulnerabilities. Some highlights from the agenda include: <ul><li>40+ sessions across 4 full days of content and networking/collaboration</li><li>PSIRTs, Vulnerability SIGs, Working Groups, and other vulnerability ecosystem experts presenting about CVE, CVSS, EPSS, KEV, VEX, CVD, SBOM, Incident Response, and others!</li><li>Speakers from CISA, MITRE, ENISA, global CERT teams, the OpenSSF, FIRST, and other renown industry experts</li><li>Actionable advice on how to engage with CVD across ecosystem stakeholders and how to use and align the assorted vuln metadata tools, frameworks, and standards</li></ul>"
+          "content": "We have an action-packed docket of dynamic speakers and cross-industry topics that we feel will accelerate collaboration within the vulnerability management and standards/frameworks space! This will be a must-see event for anyone involved in researching, reporting, triaging, mitigating, and communicating about security vulnerabilities. Some highlights from the agenda include: <ul><li>40+ sessions across 4 full days of content and networking/collaboration</li><li>PSIRTs, Vulnerability SIGs, Working Groups, and other vulnerability ecosystem experts presenting about CVE, CVSS, EPSS, KEV, VEX, CVD, SBOM, Incident Response, and others!</li><li>Speakers from the CVE Program, CISA, ENISA, global CERT teams, the OpenSSF, FIRST, and other renown industry experts</li><li>Actionable advice on how to engage with CVD across ecosystem stakeholders and how to use and align the assorted vuln metadata tools, frameworks, and standards</li></ul>"
         },
         {
           "contentnewsType": "paragraph",
-          "content": "Some showcase sessions will include: <ul><li>A “Day of VEX” from practitioners</li><li>A “Day of Vuln Identifiers” from practitioners</li><li>Previous  Keynotes spoke on the topics of “Supply Chain Security: The Office of the National Cyber Director Perspective”, “Vulnerability Coordination in the EU”, “What it takes to lead America’s Vulnerability Management Team”, and sessions from global CERT teams</li><li>Expert panels on Industry CVD, Vulnerability identifiers, VEX, Decentralized Root Cause analysis, the risks of requiring premature vuln disclosure, and more!</li><li>Detailed sessions updating frameworks like CWE, CVSS, EPSS, and others</li></ul>"
+          "content": "Some showcase sessions will include: <ul><li>A “Day of VEX” from practitioners</li><li>A “Day of Vuln Identifiers” from practitioners</li><li>Previous  Keynotes spoke on the topics of “Supply Chain Security: The Office of the National Cyber Director Perspective”, “Vulnerability Coordination in the EU”, “What it takes to lead America’s Vulnerability Management Team”, and sessions from global CERT teams</li><li>Expert panels on Industry CVD, Vulnerability identifiers, VEX, Decentralized Root Cause analysis, the risks of requiring premature vuln disclosure, and more!</li><li>Detailed sessions updating frameworks like CVSS, CWE, EPSS, and others</li></ul>"
         },
         {
           "contentnewsType": "paragraph",
@@ -132,7 +183,7 @@
         },
         {
           "contentnewsType": "paragraph",
-          "content": "For most up-to-date information, visit the <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>CVE/FIRST VulnCon 2025</a> conference page hosted on the FIRST website. We look forward to seeing you at this first-ever community event!</a>"
+          "content": "For most up-to-date information, visit the <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>CVE/FIRST VulnCon 2025</a> conference page hosted on the FIRST website. We look forward to seeing you at this exciting community event!</a>"
         }
       ]
     },
@@ -171,7 +222,7 @@
       "description": [
         {
           "contentnewsType": "paragraph",
-          "content": "The CVE Program now publishes a “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” every two weeks on the <a href='/About/Metrics'>Metrics</a> page on the CVE website to recognize <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively enriching their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> by adding <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;) </a> information."
+          "content": "The CVE Program now publishes a “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” every two weeks on the <a href='/About/Metrics'>Metrics</a> page on the CVE website to recognize <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively enriching their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> by adding <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> information."
         },
         {
           "contentnewsType": "paragraph",