2/3/26 release branch (#3838)

* #3836 Move 1 Board member to Other Past Contributors

* #3835 "CNA Enrichment Recognition List" info for 2/2/26

* #3834 Add 1 new CNA

* #3834 Update 4 CNA's info

* #3837 Added context explanatory text to CNAs vs CNA-LRs section

* CVERecord: fix on-page navigation to anchors

---------

Co-authored-by: Roy Lane <rlane@mitre.org>

Author: rroberge

src/assets/data/CNAsList.json

@@ -13414,21 +13414,21 @@
     "CNA": {
       "isRoot": false,
       "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
+        "shortName": "ENISA",
+        "organizationName": "EU Agency for Cybersecurity (ENISA)"
       },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
+      "type": [
+        "CERT"
       ],
       "TLR": {
         "shortName": "mitre",
         "organizationName": "MITRE Corporation"
       },
-      "type": [
-        "CERT"
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
       ]
     },
     "country": "Slovak Republic"
@@ -16369,21 +16369,21 @@
     "CNA": {
       "isRoot": false,
       "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
+        "shortName": "ENISA",
+        "organizationName": "EU Agency for Cybersecurity (ENISA)"
       },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
+      "type": [
+        "CERT"
       ],
       "TLR": {
         "shortName": "mitre",
         "organizationName": "MITRE Corporation"
       },
-      "type": [
-        "CERT"
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
       ]
     },
     "country": "Finland"
@@ -17131,21 +17131,21 @@
     "CNA": {
       "isRoot": false,
       "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
+        "shortName": "ENISA",
+        "organizationName": "EU Agency for Cybersecurity (ENISA)"
       },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
+      "type": [
+        "CERT"
       ],
       "TLR": {
         "shortName": "mitre",
         "organizationName": "MITRE Corporation"
       },
-      "type": [
-        "CERT"
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
       ]
     },
     "country": "Poland"
@@ -27091,21 +27091,21 @@
     "CNA": {
       "isRoot": false,
       "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
+        "shortName": "ENISA",
+        "organizationName": "EU Agency for Cybersecurity (ENISA)"
       },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
+      "type": [
+        "Bug Bounty Provider"
       ],
       "TLR": {
         "shortName": "mitre",
         "organizationName": "MITRE Corporation"
       },
-      "type": [
-        "Bug Bounty Provider"
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
       ]
     },
     "country": "France"
@@ -28189,5 +28189,61 @@
       ]
     },
     "country": "China"
+  },
+  {
+    "shortName": "CODRA",
+    "cnaID": "CNA-2026-0007",
+    "organizationName": "CODRA",
+    "scope": "CODRA’s products and related services.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "secure.panorama@codra.net"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://my.codra.net/en-gb/messages/csirt-disclosure-policy"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://my.codra.net/en-gb/csirt"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "type": [
+        "Vendor"
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "France"
   }
 ]

src/assets/data/currentBoardMembersList.json

@@ -47,14 +47,6 @@
       "organizationURL": "https://uk.linkedin.com/in/infosecjen",
       "role": "Board"
     },
-    {
-      "familyName": "Emsweller",
-      "firstName": "Patrick",
-      "imageURL": "",
-      "organization": "Cisco Systems, Inc.",
-      "organizationURL": "https://www.cisco.com/",
-      "role": "Board"
-    },
     {
       "familyName": "Gazlay",
       "firstName": "Jay",

src/assets/data/metrics.json

@@ -1176,7 +1176,7 @@
         },
         {
           "month": "February",
-          "value": "TBA"
+          "value": "1"
         },
         {
           "month": "March",

src/assets/data/news.json

@@ -1,5 +1,66 @@
 {
   "currentNews": [
+    {
+      "id": 625,
+      "newsType": "news",
+      "title": "CODRA Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "CODRA Added as CNA",
+      "date": "2026-02-03",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/CODRA'>CODRA</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for CODRA’s products and related services."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>491 CNAs</a> (488 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>41 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. CODRA is the 9th CNA from France."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CODRA’s Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 624,
+      "newsType": "blog",
+      "title": "Vulnerability Data Enrichment for CVE Records: 256 CNAs on the Enrichment Recognition List for February 2, 2026",
+      "urlKeywords": "CNA Enrichment Recognition List Update",
+      "date": "2026-02-03",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "image",
+          "imageWidth": "",
+          "href": "/news/CnaEnrichmentRecognitionList.png",
+          "altText": "Increasing the Value of the CVE Record - CNA Enrichment Recognition List"
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The “<a href='/About/Metrics#CNAEnrichmentRecognition'>CNA Enrichment Recognition List</a>” for February 2, 2026, is now available with 256 CNAs listed. Published monthly on the CVE website, the list recognizes those <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> that are actively providing enhanced vulnerability data in their <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a>. CNAs are added to the list if they provide <a href='https://www.first.org/cvss/' target='_blank'>Common Vulnerability Scoring System (CVSS)</a> and <a href='https://cwe.mitre.org/' target='_blank'>Common Weakness Enumeration (CWE&trade;)</a> in at least 98% of their records that were published within two weeks of their most recently published record."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CNA Enrichment Recognition List criteria and reporting are intended to recognize those <a href='/ProgramOrganization/CNAs'>CNAs</a> taking on the work to increase the value of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for downstream consumers, and encourage others to do the same. Enrichment Recognition List criteria may change over time. The most recent modifications occurred in June 2025 when data pulls were moved from every two weeks and based upon data from the last 12 months, to the current reporting of once-per-month data pulls based upon data from the previous six months."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For more about the recognition list, see “<a href='/Media/News/item/blog/2024/09/10/CNA-Enrichment-Recognition-List'>Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records</a>.” To learn more about vulnerability information types like CVSS and CWE, see the <a href='/CVERecord/UserGuide'>CVE Record User Guide</a>. View the most current CNA Enrichment Recognition List on the CVE website Metrics page <a href='/About/Metrics#CNAEnrichmentRecognition'>here</a>."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "CNA Enrichment Recognition List for February 2, 2026, with 256 CNAs listed: <ul><li>Acronis International GmbH</li><li>Adobe Systems Incorporated</li><li>Advanced Micro Devices Inc.</li><li>Airbus</li><li>AlgoSec</li><li>Altera</li><li>Altium</li><li>Amazon</li><li>AMI</li><li>ARC Informatique</li><li>Arista Networks, Inc.</li><li>Armis, Inc.</li><li>Asea Brown Boveri Ltd.</li><li>ASR Microelectronics Co., Ltd.</li><li>ASUSTeK Computer Incorporation</li><li>ASUSTOR Inc.</li><li>ATISoluciones Diseño de Sistemas Electrónicos, S.L.</li><li>Austin Hackers Anonymous</li><li>Autodesk</li><li>Automotive Security Research Group (ASRG)</li><li>Axis Communications AB</li><li>AxxonSoft Limited</li><li>Azure Access Technology</li><li>Bitdefender</li><li>Bizerba SE & Co. KG</li><li>Black Duck Software, Inc.</li><li>Black Lantern Security</li><li>BlackBerry</li><li>Bugcrowd Inc.</li><li>CA Technologies</li><li>Canon EMEA</li><li>Canon Inc.</li><li>Canonical Ltd.</li><li>Carrier Global Corporation</li><li>Centreon</li><li>CERT.PL</li><li>CERT@VDE</li><li>Check Point Software Technologies Ltd.</li><li>Checkmarx</li><li>Checkmk GmbH</li><li>Cisco Systems, Inc.</li><li>Citrix Systems, Inc.</li><li>Cloudflare, Inc.</li><li>Commvault Systems Inc</li><li>Concrete CMS</li><li>ConnectWise LLC</li><li>Crestron Electronics, Inc.</li><li>CrowdStrike Holdings, Inc.</li><li>CyberArk Labs</li><li>CyberDanube</li><li>Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government</li><li>Dahua Technologies</li><li>Danfoss</li><li>Dassault Systèmes</li><li>Delinea, Inc.</li><li>Dell EMC</li><li>Delta Electronics, Inc.</li><li>Digi International Inc.</li><li>Docker Inc.</li><li>dotCMS LLC</li><li>Dragos, Inc.</li><li>Eaton</li><li>Eclipse Foundation</li><li>Elastic</li><li>EnterpriseDB Corporation</li><li>Environmental Systems Research Institute, Inc. (Esri)</li><li>Ericsson</li><li>Erlang Ecosystem Foundation</li><li>ESET, spol. s r.o.</li><li>EU Agency for Cybersecurity (ENISA)</li><li>Extreme Networks, Inc.</li><li>F5 Networks</li><li>Fedora Project (Infrastructure Software)</li><li>Fermax Technologies SLU</li><li>Financial Security Institute (FSI)</li><li>Flexera Software LLC</li><li>floragunn GmbH</li><li>Fluid Attacks</li><li>Fortinet, Inc.</li><li>Fortra, LLC</li><li>Foxit Software Incorporated</li><li>Gallagher Group Ltd</li><li>GE Vernova</li><li>Genetec Inc.</li><li>GitHub (maintainer security advisories)</li><li>GitHub Inc, (Products Only)</li><li>GitLab Inc.</li><li>Glyph & Cog, LLC</li><li>Google Cloud</li><li>Google LLC</li><li>Gridware Cybersecurity</li><li>Hallo Welt! GmbH</li><li>Hanwha Vision Co., Ltd.</li><li>Harborist</li><li>HashiCorp Inc.</li><li>HeroDevs</li><li>HiddenLayer, Inc.</li><li>Hitachi Energy</li><li>Hitachi Vantara</li><li>Hitachi, Ltd.</li><li>Honeywell International Inc.</li><li>Honor Device Co., Ltd.</li><li>HP Inc.</li><li>HYPR Corp</li><li>IBM Corporation</li><li>ICS-CERT</li><li>Indian Computer Emergency Response Team (CERT-In)</li><li>Insyde Software</li><li>Intel Corporation</li><li>Internet Systems Consortium (ISC)</li><li>Israel National Cyber Directorate</li><li>Ivanti</li><li>Jamf</li><li>Jaspersoft</li><li>JetBrains s.r.o.</li><li>JFROG</li><li>Johnson Controls</li><li>JPCERT/CC</li><li>Juniper Networks, Inc.</li><li>Kaspersky</li><li>KNIME AG</li><li>KrCERT/CC</li><li>Kubernetes</li><li>Larry Cashdollar</li><li>Legion of the Bouncy Castle Inc.</li><li>Lenovo Group Ltd.</li><li>Lexmark International Inc.</li><li>LG Electronics</li><li>Liferay, Inc.</li><li>M-Files Corporation</li><li>Maritime Hacking Village</li><li>Mattermost, Inc</li><li>Mautic</li><li>Medtronic</li><li>Microchip Technology</li><li>Microsoft Corporation</li><li>Milestone Systems A/S</li><li>Mitsubishi Electric Corporation</li><li>Monash University - Cyber Security Incident Response Team</li><li>Moxa Inc.</li><li>N-able</li><li>National Cyber Security Centre Finland</li><li>National Instruments</li><li>NEC Corporation</li><li>Neo4j</li><li>NETGEAR</li><li>Netskope</li><li>NLnet Labs</li><li>NortonLifeLock Inc</li><li>Nozomi Networks Inc.</li><li>Nvidia Corporation</li><li>Omnissa, LLC</li><li>OMRON Corporation</li><li>ONEKEY GmbH</li><li>Open Design Alliance</li><li>Open-Xchange</li><li>OpenHarmony</li><li>OpenJS Foundation</li><li>OpenText (formerly Micro Focus)</li><li>OpenVPN Inc.</li><li>OPPO</li><li>Palantir Technologies</li><li>Palo Alto Networks</li><li>Panasonic Holdings Corporation</li><li>PaperCut Software Pty Ltd</li><li>Pegasystems</li><li>PHP Group</li><li>Ping Identity Corporation</li><li>Progress Software Corporation</li><li>Proofpoint Inc.</li><li>Protect AI</li><li>Pure Storage, Inc.</li><li>QNAP Systems, Inc.</li><li>Qualcomm, Inc.</li><li>Qualys, Inc.</li><li>Radiometer Medical ApS</li><li>rami.io GmbH</li><li>Rapid7, Inc.</li><li>Real-Time Innovations, Inc.</li><li>Red Hat CNA-LR</li><li>Red Hat, Inc.</li><li>Ribose Limited</li><li>Robert Bosch GmbH</li><li>Roche Diagnostics</li><li>Rockwell Automation</li><li>S21sec Cyber Solutions by Thales</li><li>SailPoint Technologies</li><li>SAP SE</li><li>Schneider Electric SE</li><li>Seagate Technology</li><li>Security Risk Advisors</li><li>ServiceNow</li><li>SICK AG</li><li>Siemens</li><li>Silicon Labs</li><li>Snyk</li><li>Softing</li><li>SoftIron</li><li>SolarWinds</li><li>Solidigm</li><li>Sonatype Inc.</li><li>Sophos</li><li>StrongDM</li><li>Super Micro Computer, Inc.</li><li>Suse</li><li>Switzerland National Cyber Security Centre (NCSC)</li><li>Symantec - A Division of Broadcom</li><li>Synaptics</li><li>Synology Inc.</li><li>Talos</li><li>Tanium Inc.</li><li>TeamViewer Germany GmbH</li><li>Temporal Technologies Inc.</li><li>Tenable Network Security, Inc.</li><li>Teradyne Robotics</li><li>Thales Group</li><li>The Browser Company of New York</li><li>The Document Foundation</li><li>The Joomla! Project</li><li>The Missing Link Australia (TML)</li><li>The Qt Company</li><li>The Rust Project</li><li>The Tcpdump Group</li><li>The Wikimedia Foundation</li><li>TianoCore.org</li><li>TIBCO Software Inc.</li><li>Toreon</li><li>TP-Link Systems Inc.</li><li>TR-CERT (Computer Emergency Response Team of the Republic of Turkey)</li><li>Trend Micro, Inc.</li><li>TWCERT/CC</li><li>TYPO3 Association</li><li>upKeeper Solutions</li><li>Vaadin Ltd.</li><li>VMware</li><li>VulDB</li><li>VulnCheck</li><li>WatchGuard Technologies, Inc.</li><li>Western Digital</li><li>Wind River Systems Inc.</li><li>Wiz, Inc.</li><li>wolfSSL Inc.</li><li>Wordfence</li><li>WSO2 LLC</li><li>Xerox Corporation</li><li>Yandex N.V.</li><li>Yugabyte, Inc.</li><li>Zabbix</li><li>Zephyr Project</li><li>Zero Day Initiative</li><li>Zohocorp</li><li>Zoom Video Communications, Inc.</li><li>Zscaler, Inc.</li><li>ZTE Corporation</li><li>ZUSO Advanced Research Team (ZUSO ART)</li><li>Zyxel Corporation</li></ul>"
+        }
+      ]
+    },
     {
       "id": 623,
       "newsType": "news",