Skip to content

Commit

Permalink
#3385 Add 1 new Root
Browse files Browse the repository at this point in the history
  • Loading branch information
@rroberge
rroberge committed Jan 7, 2025
1 parent c11e97d commit 66c21cb
Show file tree
Hide file tree
Showing 5 changed files with 117 additions and 24 deletions.
40 changes: 24 additions & 16 deletions src/assets/data/CNAsList.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3471,7 +3471,7 @@
{
"helpText": "",
"role": "CNA"
}
}
]
},
"country": "USA"
Expand Down Expand Up @@ -10596,10 +10596,10 @@
"country": "Taiwan"
},
{
"shortName": "Thales",
"shortName": "THA-PSIRT",
"cnaID": "CNA-2021-0045",
"organizationName": "Thales Group",
"scope": "Thales branded products and technologies, products and technologies of subsidiaries of Thales Group, unless covered by the scope of another CNA as well as vulnerabilities in third-party software discovered by Thales Group and subsidiaries that are not in another CNA’s scope",
"scope": "<strong>Root Scope:</strong> Products and technologies of subsidiaries of Thales Group<br/><strong>CNA Scope:</strong> Thales branded products and technologies, products and technologies of subsidiaries of Thales Group, unless covered by the scope of another CNA as well as vulnerabilities in third-party software discovered by Thales Group and subsidiaries that are not in another CNA’s scope",
"contact": [
{
"email": [
Expand Down Expand Up @@ -10637,18 +10637,26 @@
"CNA": {
"isRoot": false,
"root": {
"shortName": "icscert",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
"shortName": "n/a",
"organizationName": "n/a"
},
"role": [
"Root",
"CNA"
],
"type": [
"Vendor",
"Researcher"
],
"TLR": {
"shortName": "CISA",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
"shortName": "mitre",
"organizationName": "MITRE Corporation"
},
"roles": [
{
"helpText": "",
"role": "Root"
},
{
"helpText": "",
"role": "CNA"
Expand Down Expand Up @@ -24834,21 +24842,21 @@
"CNA": {
"isRoot": false,
"root": {
"shortName": "n/a",
"organizationName": "n/a"
"shortName": "THA-PSIRT",
"organizationName": "Thales Group"
},
"roles": [
{
"helpText": "",
"role": "CNA"
}
"type": [
"Researcher"
],
"TLR": {
"shortName": "mitre",
"organizationName": "MITRE Corporation"
},
"type": [
"Researcher"
"roles": [
{
"helpText": "",
"role": "CNA"
}
]
},
"country": "Spain"
Expand Down
85 changes: 84 additions & 1 deletion src/assets/data/news.json
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,88 @@
{
"currentNews": [
{
"id": 466,
"newsType": "blog",
"title": "CVE Program Expands Partnership with Thales Group",
"urlKeywords": "CVE Program Expands Partnership with Thales Group",
"date": "2025-01-07",
"author": {
"name": "CVE Program",
"organization": {
"name": "CVE Program",
"url": ""
},
"title": "",
"bio": ""
},
"description": [
{
"contentnewsType": "paragraph",
"content": "The <a href='/'>CVE&reg; Program</a> is expanding its partnership with <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a> for managing the assignment of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publication of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for the CVE Program."
},
{
"contentnewsType": "paragraph",
"content": "Thales Group is now designated as a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Root</a> for products and technologies of subsidiaries of Thales Group."
},
{
"contentnewsType": "paragraph",
"content": "As a Root, Thales Group is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope."
},
{
"contentnewsType": "paragraph",
"content": "A <a href='/ProgramOrganization/CNAs'>CNA</a> is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. There are currently <a href='/PartnerInformation/ListofPartners'>435 CNAs</a> (433 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation actively participating in the CVE Program."
},
{
"contentnewsType": "paragraph",
"content": "Currently, <a href='/PartnerInformation/ListofPartners/partner/Google'>Google</a>, <a href='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, <a href='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>, <a href='/PartnerInformation/ListofPartners/partner/INCIBE'>Spanish National Cybersecurity Institute (INCIBE)</a>, and <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a> are Roots under the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>. The <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a> is a Root under the <a href='/PartnerInformation/ListofPartners/partner/CISA'>CISA Top-Level Root</a>. Learn more about how the CVE Program is organized on the <a href='/ProgramOrganization/Structure'>Structure page</a>."
},
{
"contentnewsType": "paragraph",
"content": "<h4>Comments or Questions?</h4>"
},
{
"contentnewsType": "paragraph",
"content": "If you have any questions about this article, please comment on the <a href='https://medium.com/@cve_program' target='_blank'>CVE Blog on Medium</a>, or use the <a href='https://cveform.mitre.org/' target='_blank'>CVE Program Request forms</a> and select “Other” from the dropdown menu. We look forward to hearing from you!"
}
]
},
{
"id": 465,
"displayOnHomepageOrder": 0,
"newsType": "press-release",
"title": "CVE Program Expands Partnership with Thales Group - Thales Group takes new role in assigning and monitoring CVE IDs",
"date": "2025-01-07",
"description": [
{
"contentnewsType": "paragraph",
"content": "FOR IMMEDIATE RELEASE &mdash; The <a href='/'>CVE&reg; Program</a> is expanding its partnership with <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a> for managing the assignment of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publication of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for the CVE Program."
},
{
"contentnewsType": "paragraph",
"content": "Thales Group is now designated as a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Root</a> for products and technologies of subsidiaries of Thales Group."
},
{
"contentnewsType": "paragraph",
"content": "As a Root, Thales Group is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope."
},
{
"contentnewsType": "paragraph",
"content": "A <a href='/ProgramOrganization/CNAs'>CNA</a> is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. There are currently <a href='/PartnerInformation/ListofPartners'>435 CNAs</a> (433 CNAs and 2 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation actively participating in the CVE Program."
},
{
"contentnewsType": "paragraph",
"content": "Currently, <a href='/PartnerInformation/ListofPartners/partner/Google'>Google</a>, <a href='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, <a href='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>, <a href='/PartnerInformation/ListofPartners/partner/INCIBE'>Spanish National Cybersecurity Institute (INCIBE)</a>, and <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a> are Roots under the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>. <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a> is a Root under the <a href='/PartnerInformation/ListofPartners/partner/CISA'>CISA Top-Level Root</a>. Learn more about how the CVE Program is organized on the <a href='/ProgramOrganization/Structure'>Structure page on the CVE website</a>."
},
{
"contentnewsType": "paragraph",
"content": "<strong>About the CVE Program</strong><br/>The mission of the <a href='/'>CVE&reg; Program</a> is to identify, define, and catalog publicly disclosed cybersecurity vulnerabilities. There is one CVE Record for each vulnerability in the catalog. The vulnerabilities are discovered then assigned and published by organizations from around the world that have partnered with the CVE Program. Partners publish CVE Records to communicate consistent descriptions of vulnerabilities. Information technology and cybersecurity professionals use CVE Records to ensure they are discussing the same issue, and to coordinate their efforts to prioritize and address the vulnerabilities."
},
{
"contentnewsType": "paragraph",
"content": "MEDIA CONTACT<br/><a href='mailto:[email protected]'>[email protected]</a>"
}
]
},
{
"id": 464,
"newsType": "blog",
Expand Down Expand Up @@ -178,7 +261,7 @@
},
{
"contentnewsType": "paragraph",
"content": "S21sec’s Root is the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>."
"content": "S21sec’s Root is the <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a>."
}
]
},
Expand Down
Binary file modified src/assets/images/CVEProgramStructure.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
9 changes: 5 additions & 4 deletions src/views/ProgramOrganization/Structure.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,12 +36,13 @@
<router-link to='/PartnerInformation/ListofPartners/partner/mitre'>MITRE</router-link>.
The CISA TL-Root hierarchy includes one Root
(<router-link to='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</router-link>),
multiple CNAs, and one CNA-LR managed by the CISA ICS Root. The MITRE TL-Root hierarchy includes four Roots
multiple CNAs, and one CNA-LR managed by the CISA ICS Root. The MITRE TL-Root hierarchy includes five Roots
(<router-link to='/PartnerInformation/ListofPartners/partner/Google'>Google</router-link>,
<router-link to='/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</router-link>,
<router-link to='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</router-link>, and
<router-link to='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</router-link>), multiple CNAs, and one CNA-LR managed by
the MITRE TL-Root. In both hierarchies, each of the five Roots also manages their own CNAs.
<router-link to='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</router-link>,
<router-link to='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</router-link>, and
<router-link to='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</router-link>),
multiple CNAs, and one CNA-LR managed by the MITRE TL-Root. In both hierarchies, each of the six Roots also manages their own CNAs.
</p>
<p>
<router-link to='/ProgramOrganization/ADPs'>Authorized Data Publishers (ADPs)</router-link>
Expand Down
7 changes: 4 additions & 3 deletions src/views/ResourcesSupport/AllResources/CveServices.vue
View file
Original file line number Diff line number Diff line change
Expand Up @@ -213,9 +213,10 @@
(<router-link to="/PartnerInformation/ListofPartners/partner/icscert">CISA ICS</router-link>,
<router-link to="/PartnerInformation/ListofPartners/partner/Google">Google</router-link>,
<router-link to="/PartnerInformation/ListofPartners/partner/INCIBE">INCIBE</router-link>,
<router-link to="/PartnerInformation/ListofPartners/partner/jpcert">JPCERT/CC</router-link>, or
<router-link to="/PartnerInformation/ListofPartners/partner/redhat">Red Hat</router-link>) or their Top-Level Root (
<router-link to="/PartnerInformation/ListofPartners/partner/CISA">CISA</router-link> or
<router-link to="/PartnerInformation/ListofPartners/partner/jpcert">JPCERT/CC</router-link>,
<router-link to="/PartnerInformation/ListofPartners/partner/redhat">Red Hat</router-link>, or
<router-link to="/PartnerInformation/ListofPartners/partner/THA-PSIRT">Thales Group</router-link>),
or their Top-Level Root (<router-link to="/PartnerInformation/ListofPartners/partner/CISA">CISA</router-link> or
<router-link to="/PartnerInformation/ListofPartners/partner/mitre">MITRE</router-link>).
</p>
<h3 :id="pagePath['Obtaining Credentials']['items']['CNA Users'].anchorId" class="title">Individual CNA Users</h3>
Expand Down

0 comments on commit 66c21cb

Please sign in to comment.