Skip to content

Commit

Permalink
1/7/25 release branch (#3402)
Browse files Browse the repository at this point in the history 
#3385, #3386, #3395, & #3396

* #3396 Add News article @ Board Minutes from 12/11/24

* #3386 Add 3 new CNAs

* #3395 Add 1 Blog & Update 1 Event for VulnCon 2025 CFP Closing

* #3385 Add 1 new Root
  • Loading branch information
@rroberge
rroberge authored Jan 7, 2025
1 parent ba09fa7 commit e05a827
Show file tree
Hide file tree
Showing 7 changed files with 483 additions and 29 deletions.
209 changes: 193 additions & 16 deletions src/assets/data/CNAsList.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3471,7 +3471,7 @@
{
"helpText": "",
"role": "CNA"
}
}
]
},
"country": "USA"
Expand Down Expand Up @@ -10596,10 +10596,10 @@
"country": "Taiwan"
},
{
"shortName": "Thales",
"shortName": "THA-PSIRT",
"cnaID": "CNA-2021-0045",
"organizationName": "Thales Group",
"scope": "Thales branded products and technologies, products and technologies of subsidiaries of Thales Group, unless covered by the scope of another CNA as well as vulnerabilities in third-party software discovered by Thales Group and subsidiaries that are not in another CNA’s scope",
"scope": "<strong>Root Scope:</strong> Products and technologies of subsidiaries of Thales Group<br/><strong>CNA Scope:</strong> Thales branded products and technologies, products and technologies of subsidiaries of Thales Group, unless covered by the scope of another CNA as well as vulnerabilities in third-party software discovered by Thales Group and subsidiaries that are not in another CNA’s scope",
"contact": [
{
"email": [
Expand Down Expand Up @@ -10637,18 +10637,26 @@
"CNA": {
"isRoot": false,
"root": {
"shortName": "icscert",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
"shortName": "n/a",
"organizationName": "n/a"
},
"role": [
"Root",
"CNA"
],
"type": [
"Vendor",
"Researcher"
],
"TLR": {
"shortName": "CISA",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
"shortName": "mitre",
"organizationName": "MITRE Corporation"
},
"roles": [
{
"helpText": "",
"role": "Root"
},
{
"helpText": "",
"role": "CNA"
Expand Down Expand Up @@ -24834,21 +24842,21 @@
"CNA": {
"isRoot": false,
"root": {
"shortName": "n/a",
"organizationName": "n/a"
"shortName": "THA-PSIRT",
"organizationName": "Thales Group"
},
"roles": [
{
"helpText": "",
"role": "CNA"
}
"type": [
"Researcher"
],
"TLR": {
"shortName": "mitre",
"organizationName": "MITRE Corporation"
},
"type": [
"Researcher"
"roles": [
{
"helpText": "",
"role": "CNA"
}
]
},
"country": "Spain"
Expand Down Expand Up @@ -24908,5 +24916,174 @@
]
},
"country": "Switzerland"
},
{
"shortName": "MolDev",
"cnaID": "CNA-2025-0001",
"organizationName": "Molecular Devices",
"scope": "Molecular Devices products only as listed on <a href='https://www.moleculardevices.com/products' target='_blank'>moleculardevices.com/products</a>",
"contact": [
{
"email": [],
"contact": [
{
"label": "CVD Submission Contact and Process",
"url": "https://www.moleculardevices.com/coordinated-vulnerability-disclosure-policy"
}
],
"form": []
}
],
"disclosurePolicy": [
{
"label": "Policy",
"language": "",
"url": "https://www.moleculardevices.com/coordinated-vulnerability-disclosure-policy"
}
],
"securityAdvisories": {
"alerts": [],
"advisories": [
{
"label": "Advisories",
"url": "https://support.moleculardevices.com/s/article/Molecular-Devices-Security-Advisory"
}
]
},
"resources": [],
"CNA": {
"isRoot": false,
"root": {
"shortName": "icscert",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
},
"roles": [
{
"helpText": "",
"role": "CNA"
}
],
"TLR": {
"shortName": "CISA",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
},
"type": [
"Vendor"
]
},
"country": "USA"
},
{
"shortName": "SOCRadar",
"cnaID": "CNA-2025-0002",
"organizationName": "SOCRadar Cyber Intelligence Inc.",
"scope": "Vulnerabilities in SOCRadar products and services and vulnerabilities discovered by or reported to SOCRadar that are not in another CNA’s scope",
"contact": [
{
"email": [
{
"label": "Email",
"emailAddr": "[email protected]"
}
],
"contact": [],
"form": []
}
],
"disclosurePolicy": [
{
"label": "Policy",
"language": "",
"url": "https://socradar.io/security/"
}
],
"securityAdvisories": {
"alerts": [],
"advisories": [
{
"label": "Advisories",
"url": "https://socradar.io/labs/cve-radar/"
}
]
},
"resources": [],
"CNA": {
"isRoot": false,
"root": {
"shortName": "icscert",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
},
"roles": [
{
"helpText": "",
"role": "CNA"
}
],
"TLR": {
"shortName": "CISA",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
},
"type": [
"Vendor",
"Researcher"
]
},
"country": "USA"
},
{
"shortName": "PTC",
"cnaID": "CNA-2025-0003",
"organizationName": "PTC Inc.",
"scope": "All currently supported PTC software products and cloud/SaaS services",
"contact": [
{
"email": [],
"contact": [
{
"label": "Vulnerability Reporting page",
"url": "https://www.ptc.com/documents/security/coordinated-vulnerability-disclosure"
}
],
"form": []
}
],
"disclosurePolicy": [
{
"label": "Policy",
"language": "",
"url": "https://www.ptc.com/documents/security/coordinated-vulnerability-disclosure"
}
],
"securityAdvisories": {
"alerts": [],
"advisories": [
{
"label": "Advisories",
"url": "https://www.ptc.com/en/about/trust-center/advisory-center"
}
]
},
"resources": [],
"CNA": {
"isRoot": false,
"root": {
"shortName": "icscert",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
},
"roles": [
{
"helpText": "",
"role": "CNA"
}
],
"TLR": {
"shortName": "CISA",
"organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
},
"type": [
"Vendor"
]
},
"country": "USA"
}
]
2 changes: 1 addition & 1 deletion src/assets/data/events.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@
"displayOnHomepageOrder": 1,
"title": "CVE/FIRST VulnCon 2025",
"location": "Raleigh, North Carolina, USA & Virtual",
"description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Call for Papers</strong>:<br/>Open until January 31, 2025. Details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>.<br/><br/> <strong>Registration</strong>:<br/>Now open. Details <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>here</a>.<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
"description": "VulnCon 2025 is co-sponsored by the <a href='/'>CVE Program</a> and <a href='https://www.first.org/' target='_blank'>FIRST</a> and is open to the public.<br/><br/><strong>SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs)</strong>:<br/><i>VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.</i><br/><br/><strong>Call for Papers</strong>:<br/>Open until January 15, 2025. Details <a href='https://www.first.org/conference/vulncon2025/cfp' target='_blank'>here</a>.<br/><br/> <strong>Registration</strong>:<br/>Now open. Details <a href='https://www.first.org/conference/vulncon2025/#Registration-Information' target='_blank'>here</a>.<br/><ul><li>Standard Admission (by March 9, 2025): US $300.00</li><li>Late Rate Admission (after March 9, 2025): US $375.00</li><li>Virtual Admission: US $100.00</li></ul>Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.<br/><br/>An After Party will be tentatively hosted off-site with tickets to be sold separately. More information to come. Tickets will cost US $25.00.<br/><br/><strong>Program Overview</strong>:<br/>* Day 1: Monday, April 7 &mdash; TBA<br/>* Day 2: Tuesday, April 8 &mdash; TBA<br/>* Day 3: Wednesday, April 9 &mdash; TBA <br/>* Day 4: Thursday, April 10 &mdash; TBA<br/><br/><strong>Agenda</strong>:<br/> TBA<br/><br/><strong>Venue</strong>:<br/><a href='https://facilities.ofa.ncsu.edu/building/mck/' target='_blank'>McKimmon Center,<br/>North Carolina State University</a>,<br/>1101 Gorman St.,<br/> Raleigh, North Carolina 27606<br/>USA<br/><br/><strong>Purpose</strong>:<br/>The purpose of <a href='https://www.first.org/conference/vulncon2025/' target='_blank'>VulnCon</a> is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.<br/><br/>A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
"permission": "public",
"url": "https://www.first.org/conference/vulncon2025/",
"date": {
Expand Down
53 changes: 53 additions & 0 deletions src/assets/data/metrics.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1124,6 +1124,59 @@
}
],
"cnasAddedByYear": [
{
"year": "2025",
"data": [
{
"month": "January",
"value": "3"
},
{
"month": "February",
"value": "TBA"
},
{
"month": "March",
"value": "TBA"
},
{
"month": "April",
"value": "TBA"
},
{
"month": "May",
"value": "TBA"
},
{
"month": "June",
"value": "TBA"
},
{
"month": "July",
"value": "TBA"
},
{
"month": "August",
"value": "TBA"
},
{
"month": "September",
"value": "TBA"
},
{
"month": "October",
"value": "TBA"
},
{
"month": "November",
"value": "TBA"
},
{
"month": "December",
"value": "TBA"
}
]
},
{
"year": "2024",
"data": [
Expand Down
Loading

0 comments on commit e05a827

Please sign in to comment.