7/1/25 release branch (#3627)

rroberge · web-flow · commit cc322eb56d8b · 2025-07-01T16:01:17.000-04:00
* #3625 Update 1 Event * #3624 Add 2 new CNAs + Update 1 CNA's info * #3626 Add 2 new WGs * #3626 Update Events page
diff --git a/src/assets/data/CNAsList.json b/src/assets/data/CNAsList.json
@@ -5243,7 +5243,7 @@
       "advisories": [
         {
           "label": "Advisories",
-          "url": "https://www.mongodb.com/security"
+          "url": "https://www.mongodb.com/resources/products/mongodb-security-bulletins"
         }
       ]
     },
@@ -26140,5 +26140,117 @@
       ]
     },
     "country": "Belgium"
+  },
+  {
+    "shortName": "MHV",
+    "cnaID": "CNA-2025-0032",
+    "organizationName": "Maritime Hacking Village",
+    "scope": "Vulnerabilities discovered by researchers in collaboration with Maritime Hacking Village that are not in another CNA’s scope.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "cve-coordination@maritimehackingvillage.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.maritimehackingvillage.com/cvd"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://maritimehackingvillage.com/security-advisory"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "CISA",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA)"
+      },
+      "type": [
+        "Researcher"
+      ]
+    },
+    "country": "USA"
+  },
+  {
+    "shortName": "FERMAX",
+    "cnaID": "CNA-2025-0032",
+    "organizationName": "Fermax Technologies SLU",
+    "scope": "Vulnerabilities discovered in the services and applications of the MeetMe and DuoxMe products that are not covered by another CNA’s scope.",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@fermax.com"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.fermax.com/legal/en/vulnerability-management-policy"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.fermax.com/security-advisories"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "INCIBE",
+        "organizationName": "Spanish National Cybersecurity Institute, S.A. (INCIBE)"
+      },
+      "type": [
+        "Vendor"
+      ],
+      "TLR": {
+        "shortName": "mitre",
+        "organizationName": "MITRE Corporation"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ]
+    },
+    "country": "Spain"
   }
 ]
diff --git a/src/assets/data/events.json b/src/assets/data/events.json
@@ -1,5 +1,21 @@
 {
   "currentEvents": [
+    {
+      "id": 38,
+      "title": "Researcher Working Group (RWG) Meeting",
+      "location": "Virtual",
+      "description": "Focused on giving voice to, and establishing working norms for, the extended community of designated Researcher CNAs. This includes providing guidance and advice to the research community, as well as other research community activities designed to promote the CVE Program.",
+      "permission": "private",
+      "url": "/ProgramOrganization/WorkingGroups#ResearcherWorkingGroupRWG",
+      "date": {
+        "start": "2025-07-01",
+        "end": "2025-12-31",
+        "repeat": {
+          "day": "Tuesday",
+          "recurrence": "weekly"
+        }
+      }
+    },
     {
       "id": 37,
       "title": "CVE/FIRST VulnCon 2027",
@@ -28,7 +44,6 @@
     },
     {
       "id": 36,
-      "displayOnHomepageOrder": 1,
       "title": "37th Annual FIRST Conference (CVE Program Booth #15)",
       "location": "Copenhagen, Denmark",
       "description": "CVE Program <a href='https://www.first.org/conference/2025/FIRSTCON25_Exhibitor_Map_FINAL.pdf' target='_blank'>Booth #15</a>.<br/><br/>Exhibitor Schedule for Hall E: Monday, June 23 through Thursday, June 26 during all break times. Also, during the Sponsor Showcase Reception on Monday evening, June 23, from 17:30-19:30.",
diff --git a/src/assets/data/metrics.json b/src/assets/data/metrics.json
@@ -1153,7 +1153,7 @@
         },
         {
           "month": "July",
-          "value": "TBA"
+          "value": "2"
         },
         {
           "month": "August",
diff --git a/src/assets/data/navigation.json b/src/assets/data/navigation.json
@@ -203,6 +203,10 @@
             "anchorId": "CNAOrganizationOfPeersCOOP",
             "label": "CNA Organization of Peers (COOP)"
           },
+          "CVE Consumer Working Group (CWG)": {
+            "anchorId": "CVEConsumerWorkingGroupCWG",
+            "label": "CVE Consumer Working Group (CWG)"
+          },
           "CVE Artificial Intelligence Working Group (CVEAI WG)": {
             "anchorId": "CVEArtificialIntelligenceWorkingGroupCVEAIWG",
             "label": "CVE Artificial Intelligence Working Group (CVEAI WG)"
@@ -215,6 +219,10 @@
             "anchorId": "QualityWorkingGroupQWG",
             "label": "Quality Working Group (QWG)"
           },
+          "Researcher Working Group (RWG)": {
+            "anchorId": "ResearcherWorkingGroupRWG",
+            "label": "Researcher Working Group (RWG)"
+          },
           "Strategic Planning Working Group (SPWG)": {
             "anchorId": "StrategicPlanningWorkingGroupSPWG",
             "label": "Strategic Planning Working Group (SPWG)"
diff --git a/src/assets/data/news.json b/src/assets/data/news.json
@@ -1,5 +1,89 @@
 {
   "currentNews": [
+    {
+      "id": 541,
+      "newsType": "news",
+      "title": "Fermax Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Fermax Added as CNA",
+      "date": "2025-07-01",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/FERMAX'>Fermax Technologies SLU</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities discovered in the services and applications of the MeetMe and DuoxMe products that are not covered by another CNA’s scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>456 CNAs</a> (453 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Fermax is the 9th CNA from Spain."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Fermax’s Root is the <a href='/PartnerInformation/ListofPartners/partner/INCIBE'>Spanish National Cybersecurity Institute (INCIBE) Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 540,
+      "newsType": "news",
+      "title": "Maritime Hacking Village Added as CVE Numbering Authority (CNA)",
+      "urlKeywords": "Maritime Hacking Village Added as CNA",
+      "date": "2025-07-01",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/MHV'>Maritime Hacking Village</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for vulnerabilities discovered by researchers in collaboration with Maritime Hacking Village that are not in another CNA’s scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>455 CNAs</a> (452 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Maritime Hacking Village is the 249th CNA from USA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Maritime Hacking Village’s Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Root</a>."
+        }
+      ]
+    },
+    {
+      "id": 539,
+      "newsType": "news",
+      "title": "New “CVE Consumer Working Group” Open to the Public",
+      "urlKeywords": "New CVE Consumer WG",
+      "date": "2025-07-01",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Program’s newest public working group (WG), the <a href='/ProgramOrganization/WorkingGroups#CVEConsumerWorkingGroupCWG'>CVE Consumer Working Group (CWG)</a>, will serve as a dedicated forum for representing the perspectives of end-consumers of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEList'>CVE List</a> data, such as enterprises, security teams, vulnerability analysts, government agencies, managed security service providers (MSSPs), academic researchers, software vendors and tool developers who rely on CVE data to support decision-making, operational defense, and risk management. The CWG will identify consumer needs, evaluate the usability of CVE data, and recommend improvements to ensure that the CVE Program remains aligned with real-world use cases."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CWG is open to external stakeholders who consume and work with CVE data, as well as <a href='/ProgramOrganization/Board'>CVE Board</a> members, <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a>, and <a href='/ProgramOrganization/ADPs'>Authorized Data Publishers (ADPs)</a>. Individuals with relevant perspectives on CVE consumption are encouraged to participate."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Request to join the CWG <a href='/ProgramOrganization/WorkingGroups#cve-how-to-join'>here</a>."
+        }
+      ]
+    },
+    {
+      "id": 538,
+      "newsType": "news",
+      "title": "CVE Program Adds “Researcher Working Group” for Researcher and Bug Bounty CNAs",
+      "urlKeywords": "CVE Program Adds Researcher WG for CNAs",
+      "date": "2025-07-01",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The CVE Program has added a new working group (WG), the <a href='/ProgramOrganization/WorkingGroups#ResearcherWorkingGroupRWG'>Researcher Working Group (RWG)</a>, with the purpose of giving voice to, and establishing working norms for, the extended community of designated Researcher <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a>. This includes providing guidance and advice to the research community, as well as other research community activities designed to promote the CVE Program."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "In order to build and preserve a “TLP: Amber” level of trust among working group participants, membership to the group is limited to representatives of currently active <a href='/ProgramOrganization/CNAs'>CNAs</a> that are designated as either research CNAs or bug bounty CNAs, as designated by the CVE Program <a href='/ResourcesSupport/Glossary?activeTerm=glossarySecretariat'>Secretariat</a>, as well as their respective <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Roots</a> and the <a href='/ProgramOrganization/Board'>CVE Board</a>. From time to time, individuals not associated with research or bug bounty CNAs may also be invited to join upon reaching consensus of the existing membership. There is no limit to the number of representatives a given CNA may have as members of the group."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Researcher CNAs may request to join the RWG <a href='/ProgramOrganization/WorkingGroups#cve-how-to-join'>here</a>."
+        }
+      ]
+    },
     {
       "id": 537,
       "newsType": "news",
@@ -13,7 +97,7 @@
         },
         {
           "contentnewsType": "paragraph",
-          "content": "To date, <a href='/PartnerInformation/ListofPartners'>455 CNAs</a> (452 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Toreon is the 4th CNA from Belgium."
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>454 CNAs</a> (451 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publish <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities. Toreon is the 4th CNA from Belgium."
         },
         {
           "contentnewsType": "paragraph",
@@ -74,7 +158,6 @@
     },
     {
       "id": 534,
-      "displayOnHomepageOrder": 1,
       "newsType": "blog",
       "title": "“CVE List Keyword Search” on CVE.ORG Website Updated",
       "urlKeywords": "CVE List Keyword Search Updated",
diff --git a/src/views/ProgramOrganization/WorkingGroups.vue b/src/views/ProgramOrganization/WorkingGroups.vue

Original file line number	Diff line number	Diff line change
`@@ -1153,7 +1153,7 @@`
`1153`	`1153`	`},`
`1154`	`1154`	`{`
`1155`	`1155`	`"month": "July",`
`1156`		`- "value": "TBA"`
	`1156`	`+ "value": "2"`
`1157`	`1157`	`},`
`1158`	`1158`	`{`
`1159`	`1159`	`"month": "August",`