Registration: Virtual registration available until April 4, 2025. Details here.
Virtual Admission: US $100.00 (until April 4, 2025)
In-person Standard Admission (closed): US $300.00
In-person Late Rate Admission (closed): US $375.00
Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.
An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. Location to be announced in January. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.
Program Overview: * Day 1: Monday, April 7 — Plenary, Vendor Tables, Welcome Reception * Day 2: Tuesday, April 8 — Plenary, Vendor Tables, Off-site Social Event * Day 3: Wednesday, April 9 — Plenary, Breakouts, Vendor Tables * Day 4: Thursday, April 10 — Plenary, Breakouts, Vendor Tables
Call for Papers: Closed on January 31, 2025. Details here.
Purpose: The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.
A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
+ "description": "VulnCon 2025 is co-sponsored by the CVE Program and FIRST and is open to the public.
SPECIAL MESSAGE FOR CVE NUMBERING AUTHORITIES (CNAs): VulnCon 2025 takes the place of this year’s Spring CVE Global Summit.
Program Overview: * Day 1: Monday, April 7 — Plenary, Vendor Tables, Welcome Reception * Day 2: Tuesday, April 8 — Plenary, Vendor Tables, Off-site Social Event * Day 3: Wednesday, April 9 — Plenary, Breakouts, Vendor Tables * Day 4: Thursday, April 10 — Plenary, Breakouts, Vendor Tables
Registration: Registration is now closed. Details here.
Virtual Admission: US $100.00 (closed)
In-person Standard Admission (closed): US $300.00
In-person Late Rate Admission (closed): US $375.00
Registration fees include four days of coffee breaks and buffet lunches, one networking reception hosted at the McKimmon Center, and applicable meeting materials. Note that discounted rates are not being offered for this event regardless of membership or speaking status.
An offsite social event is planned for Tuesday, April 8, from 19:00-21:00 in downtown Raleigh. You may purchase a ticket during your main registration or access a separate purchase form link found in your registration email confirmation. Tickets are US $30.00 per person.
Call for Papers: Closed on January 31, 2025. Details here.
Purpose: The purpose of VulnCon is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem.
A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly.",
"permission": "public",
"url": "https://www.first.org/conference/vulncon2025/",
"date": {
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
index ce346914..44794648 100644
--- a/src/assets/data/metrics.json
+++ b/src/assets/data/metrics.json
@@ -1141,7 +1141,7 @@
},
{
"month": "April",
- "value": "TBA"
+ "value": "3"
},
{
"month": "May",
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
index a6e7059c..c78b4fc2 100644
--- a/src/assets/data/news.json
+++ b/src/assets/data/news.json
@@ -1,8 +1,180 @@
{
"currentNews": [
+ {
+ "id": 509,
+ "newsType": "blog",
+ "title": "Happening This Week: CVE/FIRST VulnCon 2025, April 7–10, 2025",
+ "urlKeywords": "Happening This Week VulnCon 2025",
+ "date": "2025-04-08",
+ "author": {
+ "name": "CVE Program",
+ "organization": {
+ "name": "CVE Program",
+ "url": ""
+ },
+ "title": "",
+ "bio": ""
+ },
+ "description": [
+ {
+ "contentnewsType": "image",
+ "imageWidth": "",
+ "href": "/news/VulnCon2025.png",
+ "altText": "CVE/FIRST VulnCon 2025, April 7-10, 2025",
+ "captionText": "Click here to see the “VulnCon 2025” program agenda for all four days."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The CVE Program and FIRST are co-hosting VulnCon 2025 this week at the McKimmon Center in Raleigh, North Carolina, USA, April 7–10, 2025."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "
Agenda
"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The full agenda is available now on this conference web page or view the schedule by day. Virtual attendees should check your email for session links and other details."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "Monday, April 7 — View day 1 schedule Tuesday, April 8 — View day 2 schedule Wednesday, April 9 — View day 3 schedule Thursday, April 10 — View day 4 schedule"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "
Venue
"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "McKimmon Center North Carolina State University 1101 Gorman St. Raleigh, North Carolina 27606 USA"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "
Learn More About VulnCon 2025
"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The purpose of the VulnCon — which is open to the public — is to collaborate with various vulnerability management and cybersecurity professionals to develop forward leaning ideas that can be taken back to individual programs for action to benefit the vulnerability management ecosystem. A key goal of the conference is to understand what important stakeholders and programs are doing within the vulnerability management ecosystem and best determine how to benefit the ecosystem broadly."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "For the most up-to-date information, visit the CVE/FIRST VulnCon 2025 conference page hosted on the FIRST website."
+ }
+ ]
+ },
+ {
+ "id": 508,
+ "newsType": "news",
+ "title": "Sandisk Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "Sandisk Added as CNA",
+ "date": "2025-04-08",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "Sandisk is now a CVE Numbering Authority (CNA) for Sandisk products listed at https://shop.sandisk.com/product-portfolio only."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 450 CNAs (447 CNAs and 3 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Sandisk is the 242nd CNA from USA."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "Sandisk’s Root is the MITRE Top-Level Root."
+ }
+ ]
+ },
+ {
+ "id": 507,
+ "newsType": "news",
+ "title": "TP-Link Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "TP-Link Added as CNA",
+ "date": "2025-04-08",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "TP-Link Systems Inc. is now a CVE Numbering Authority (CNA) for TP-Link issues only."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 449 CNAs (446 CNAs and 3 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. TP-Link is the 241st CNA from USA."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "TP-Link’s Root is the MITRE Top-Level Root."
+ }
+ ]
+ },
+ {
+ "id": 506,
+ "newsType": "news",
+ "title": "The Qt Company Added as CVE Numbering Authority (CNA)",
+ "urlKeywords": "The Qt Company Added as CNA",
+ "date": "2025-04-08",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "The Qt Company is now a CVE Numbering Authority (CNA) for all supported The Qt Company products."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "To date, 448 CNAs (445 CNAs and 3 CNA-LRs) from 40 countries and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign CVE Identifiers (CVE IDs) and publish CVE Records for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. The Qt Company is the 5th CNA from Finland."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The Qt Company’s Root is the MITRE Top-Level Root."
+ }
+ ]
+ },
+ {
+ "id": 505,
+ "newsType": "blog",
+ "title": "Vulnerability Data Enrichment for CVE Records: 249 CNAs on the Enrichment Recognition List for April 7, 2025",
+ "urlKeywords": "CNA Enrichment Recognition List Update",
+ "date": "2025-04-08",
+ "author": {
+ "name": "CVE Program",
+ "organization": {
+ "name": "CVE Program",
+ "url": ""
+ },
+ "title": "",
+ "bio": ""
+ },
+ "description": [
+ {
+ "contentnewsType": "image",
+ "imageWidth": "",
+ "href": "/news/CnaEnrichmentRecognitionList.png",
+ "altText": "Increasing the Value of the CVE Record - CNA Enrichment Recognition List"
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "The “CNA Enrichment Recognition List” for April 7, 2025, is now available with 249 CNAs listed. Published every two weeks on the CVE website, the list recognizes those CVE Numbering Authorities (CNAs) that are actively providing enhanced vulnerability data in their CVE Records. CNAs are added to the list if they provide Common Vulnerability Scoring System (CVSS) and Common Weakness Enumeration (CWE™) information 98% of the time or more within the two-week period of their last published CVE Record."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "For more about the recognition list, see “Recognition for CNAs Actively Providing Vulnerability Data Enrichment for CVE Records.” To learn more about vulnerability information types like CVSS and CWE, see the CVE Record User Guide. View the most current CNA Enrichment Recognition List on the CVE website Metrics page here."
+ },
+ {
+ "contentnewsType": "paragraph",
+ "content": "CNA Enrichment Recognition List for April 7, 2025, with 249 CNAs listed:
1E Limited
9front Systems
Absolute Software
Acronis International GmbH
Adobe Systems Incorporated
Advanced Micro Devices Inc.
Alias Robotics S.L.
Amazon
AMI
ARC Informatique
Arista Networks, Inc.
Asea Brown Boveri Ltd.
ASR Microelectronics Co., Ltd.
ASUSTeK Computer Incorporation
ATISoluciones Diseño de Sistemas Electrónicos, S.L.
Austin Hackers Anonymous
Autodesk
Automotive Security Research Group (ASRG)
Avaya Inc.
Axis Communications AB
Baicells Technologies Co., Ltd.
Baxter Healthcare
Beckman Coulter Life Sciences
Becton, Dickinson and Company (BD)
BeyondTrust Inc.
Bitdefender
Bizerba SE & Co. KG
Black Duck Software, Inc.
Black Lantern Security
BlackBerry
Brocade Communications Systems LLC, a Broadcom Company
Canon EMEA
Canon Inc.
Canonical Ltd.
Carrier Global Corporation
Cato Networks
CERT.PL
CERT@VDE
Check Point Software Technologies Ltd.
Checkmarx
Checkmk GmbH
cirosec GmbH
Cisco Systems, Inc.
ClickHouse, Inc.
Cloudflare, Inc.
Concrete CMS
Crafter CMS
CrowdStrike Holdings, Inc.
CyberArk Labs
CyberDanube
Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government
Dassault Systèmes
Delinea, Inc.
Dell EMC
Delta Electronics, Inc.
Dfinity Foundation
DirectCyber
Docker Inc.
dotCMS LLC
Dragos, Inc.
Dutch Institute for Vulnerability Disclosure (DIVD)
Eaton
Eclipse Foundation
Elastic
EnterpriseDB Corporation
Environmental Systems Research Institute, Inc. (Esri)
Ericsson
ESET, spol. s r.o.
EU Agency for Cybersecurity (ENISA)
Exodus Intelligence
F5 Networks
Fedora Project (Infrastructure Software)
Fluid Attacks
Forcepoint
Forescout Technologies
Fortinet, Inc.
Fortra, LLC
FPT SOFTWARE CO., LTD
Gallagher Group Ltd
GE Healthcare
Genetec Inc.
Gitea Limited
GitHub (maintainer security advisories)
GitHub Inc, (Products Only)
GitLab Inc.
Glyph & Cog, LLC
Google LLC
Government Technology Agency of Singapore Cyber Security Group (GovTech CSG)
Grafana Labs
Gridware Cybersecurity
Hanwha Vision Co., Ltd.
HashiCorp Inc.
HCL Software
HeroDevs
HiddenLayer, Inc.
Hillstone Networks Inc.
Hitachi Vantara
Hitachi, Ltd.
Honeywell International Inc.
HP Inc.
Huawei Technologies
HYPR Corp
IBM Corporation
ICS-CERT
Indian Computer Emergency Response Team (CERT-In)
Intel Corporation
Internet Systems Consortium (ISC)
Israel National Cyber Directorate
Ivanti
Jamf
JetBrains s.r.o.
JFROG
Johnson Controls
JPCERT/CC
Juniper Networks, Inc.
Kaspersky
KrCERT/CC
Kubernetes
Lenovo Group Ltd.
Lexmark International Inc.
LG Electronics
Liferay, Inc.
Logitech
M-Files Corporation
Mattermost, Inc
Mautic
Microchip Technology
Microsoft Corporation
Milestone Systems A/S
Mitsubishi Electric Corporation
MongoDB
Moxa Inc.
N-able
National Cyber Security Centre - Netherlands (NCSC-NL)
National Cyber Security Centre Finland
National Cyber Security Centre SK-CERT
National Instruments
NetApp, Inc.
Netflix, Inc.
Netskope
NLnet Labs
NortonLifeLock Inc
Nozomi Networks Inc.
Nvidia Corporation
Odoo
Okta
OMRON Corporation
ONEKEY GmbH
Open Design Alliance
Open-Xchange
OpenAnolis
openEuler
OpenHarmony
OpenText (formerly Micro Focus)
OPPO
OTRS AG
Palantir Technologies
Palo Alto Networks
Panasonic Holdings Corporation
Pandora FMS
PaperCut Software Pty Ltd
Patchstack OÜ
Pegasystems
Pentraze Cybersecurity
Perforce
Phoenix Technologies, Inc.
Ping Identity Corporation
PlexTrac, Inc.
Progress Software Corporation
Proofpoint Inc.
Protect AI
Pure Storage, Inc.
QNAP Systems, Inc.
Qualcomm, Inc.
rami.io GmbH
Rapid7, Inc.
Real-Time Innovations, Inc.
Red Hat CNA-LR
Red Hat, Inc.
Robert Bosch GmbH
Roche Diagnostics
SailPoint Technologies
Samsung TV & Appliance
SAP SE
SBA Research gGmbH
Schneider Electric SE
Seal Security
SEC Consult Vulnerability Lab
Secomea
Securin
ServiceNow
SHENZHEN CoolKit Technology CO., LTD.
SICK AG
Siemens
Silicon Labs
Snow Software
Snyk
SoftIron
SolarWinds
Sonatype Inc.
Sophos
Spanish National Cybersecurity Institute, S.A.
Splunk
STAR Labs SG Pte. Ltd.
Super Micro Computer, Inc.
Suse
Switzerland National Cyber Security Centre (NCSC)
Synaptics
Synology Inc.
Talos
TeamViewer Germany GmbH
Teltonika Networks
Temporal Technologies Inc.
Tenable Network Security, Inc.
Thales Group
The Document Foundation
The Tcpdump Group
TianoCore.org
Tigera
Toshiba Corporation
TR-CERT (Computer Emergency Response Team of the Republic of Turkey)
Trellix
TWCERT/CC
TXOne Networks, Inc.
upKeeper Solutions
Vivo Mobile Communication Technology Co., LTD.
VulDB
VulnCheck
VULSec Labs
WatchGuard Technologies, Inc.
Western Digital
Wind River Systems Inc.
Wiz, Inc.
Wordfence
WSO2 LLC
Xerox Corporation
Xiaomi Technology Co Ltd
Yandex N.V.
Yokogawa Group
Yugabyte, Inc.
Zabbix
Zephyr Project
Zero Day Initiative
Zohocorp
Zoom Video Communications, Inc.
Zscaler, Inc.
ZTE Corporation
ZUSO Advanced Research Team (ZUSO ART)
Zyxel Corporation
"
+ }
+ ]
+ },
+ {
+ "id": 504,
+ "newsType": "news",
+ "title": "Thank You for Participating in Our “CVE Data Usage and Satisfaction Survey”",
+ "urlKeywords": "Data Usage and Satisfaction Survey Thank You",
+ "date": "2025-04-08",
+ "description": [
+ {
+ "contentnewsType": "paragraph",
+ "content": "The CVE Program sincerely thanks everyone who responded to our “CVE Data Usage and Satisfaction Survey” that opened on March 4, 2025, and closed on April 4, 2025. Your feedback will play a crucial role in enhancing the CVE Program and its service offerings."
+ }
+ ]
+ },
{
"id": 503,
- "displayOnHomepageOrder": 1,
"newsType": "blog",
"title": "LAST CHANCE — Virtual Registration for CVE/FIRST VulnCon 2025 Closes April 4",
"urlKeywords": "VulnCon 2025 Registration Closes April 4",
@@ -72,7 +244,6 @@
},
{
"id": 502,
- "displayOnHomepageOrder": 2,
"newsType": "blog",
"title": "FINAL REMINDER — Please Complete Our “CVE Data Usage and Satisfaction Survey” by April 4",
"urlKeywords": "CVE Data Usage Satisfaction Survey Final Reminder",
@@ -120,7 +291,6 @@
},
{
"id": 500,
- "displayOnHomepageOrder": 4,
"newsType": "news",
"title": "Digi Added as CVE Numbering Authority (CNA)",
"urlKeywords": "Digi Added as CNA",
@@ -142,7 +312,6 @@
},
{
"id": 499,
- "displayOnHomepageOrder": 3,
"newsType": "blog",
"title": "Vulnerability Data Enrichment for CVE Records: 250 CNAs on the Enrichment Recognition List for March 25, 2025",
"urlKeywords": "CNA Enrichment Recognition List Update",
diff --git a/src/views/About/Metrics.vue b/src/views/About/Metrics.vue
index e3750fe5..43867491 100644
--- a/src/views/About/Metrics.vue
+++ b/src/views/About/Metrics.vue
@@ -295,8 +295,8 @@
CNA Enrichment Recognition List
-
Last Updated:
- Total CNAs: 250
+
Last Updated:
+ Total CNAs: 249
1E Limited
@@ -308,13 +308,13 @@
Alias Robotics S.L.
Amazon
AMI
-
AppCheck Ltd.
ARC Informatique
Arista Networks, Inc.
Asea Brown Boveri Ltd.
ASR Microelectronics Co., Ltd.
ASUSTeK Computer Incorporation
ATISoluciones Diseño de Sistemas Electrónicos, S.L.