Colleagues, The CVE Program is happy to announce three (3) new CNAs: Organization Name: ChromeOS Project Org Short Name: ChromeOS Organization Location: USA Scope: Vulnerabilities that are (1) reported to ChromeOS Security, (2) affect ChromeOS device software and hardware, including our open source dependencies, and (3) are not covered by another CNA’s scope. Top-Level Root: MITRE Disclosure Policy location: https://www.google.com/about/appsecurity/research/ Advisory location: https://chromereleases.googleblog.com/ Public point of contact: chromeos-secur...@chromium.org<mailto:chromeos-secur...@chromium.org> CNA Type: Vendor, Bug Bounty Provider Organization Name: EU Agency for Cybersecurity (ENISA) Org Short Name: ENISA Organization Location: Greece Scope: Vulnerabilities in information technology (IT) products discovered by European Union (EU) Computer Security Incident Response Teams (CSIRTs) or reported to EU CSIRTs for coordinated disclosure, as long as they do not fall under a CNA with a more specific scope. Top-Level Root: MITRE Disclosure Policy location: https://csirtsnetwork.eu/homepage?tab=cvd Advisory location: https://github.com/enisaeu/CNW/tree/main/advisories Public point of contact: https://github.com/enisaeu/CNW/tree/main#vulnerability-disclosure-policies CNA Type: Consortium Organization Name: Milestone Systems A/S Org Short Name: Milestone Organization Location: Denmark Scope: Supported Milestone XProtect products. Top-Level Root: MITRE Disclosure Policy location: https://www.milestonesys.com/psirt Advisory location: https://www.milestonesys.com/support/help-and-documentation/cyber-security/recent-vulnerabilities/ Public point of contact: ps...@milestonesys.com<mailto:ps...@milestonesys.com> CNA Type: Vendor
Total CNAs: 353 CNAs (351 CNAs and 2 CNA-LRs) Total Countries: 39 (+ 1 no country affiliation) Respectfully, CVE Program Secretariat cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org> [A picture containing text, clipart Description automatically generated]
