Thank you!!

Jay E. Gazlay
202.262.7284
Cyber + Infrastructure Security Agency
“Simplify, then add lightness”

________________________________
From: Dave Morse <dmo...@mitre.org>
Sent: Wednesday, January 24, 2024 9:00:49 AM
To: Gazlay, Jay (He/Him) <jay.gaz...@cisa.dhs.gov>; CVE Program Secretariat <cve-prog-secretar...@mitre.org>; CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: Re: ** Three New CNAs – ChromeOS Project, ENISA, and Milestone Systems **

Good morning Jay,

Sorry for the omission – normally the Root would be included but was accidentally left out of this email. Yes, for the Chrome CNA the Root is Google.

Please let us know if you have any questions.

Much appreciated,
Dave

David L. Morse | +1 (571) 488-2982
Manager, Program Coordination, CVE/CWE

From: Gazlay, Jay (He/Him) <jay.gaz...@cisa.dhs.gov>
Date: Wednesday, January 24, 2024 at 5:58 AM
To: CVE Program Secretariat <cve-prog-secretar...@mitre.org>, CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: [EXT] Re: ** Three New CNAs – ChromeOS Project, ENISA, and Milestone Systems **

Good morning,

Is there a reason that ChromeOS isn’t under the Alphabet/Google root? Am I missing some nuance?

Jay E. Gazlay
202.262.7284
Cyber + Infrastructure Security Agency
“Simplify, then add lightness”

From: CVE Program Secretariat <cve-prog-secretar...@mitre.org>
Date: Tuesday, January 23, 2024 at 6:11 PM
To: CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: ** Three New CNAs – ChromeOS Project, ENISA, and Milestone Systems **

Colleagues,

The CVE Program is happy to announce three (3) new CNAs:

Organization Name: ChromeOS Project
Org Short Name: ChromeOS
Organization Location: USA
Scope: Vulnerabilities that are (1) reported to ChromeOS Security, (2) affect ChromeOS device software and hardware, including our open source dependencies, and (3) are not covered by another CNA’s scope.
Top-Level Root: MITRE
Disclosure Policy location: https://www.google.com/about/appsecurity/research/
Advisory location: https://chromereleases.googleblog.com/
Public point of contact: chromeos-secur...@chromium.org
CNA Type: Vendor, Bug Bounty Provider

Organization Name: EU Agency for Cybersecurity (ENISA)
Org Short Name: ENISA
Organization Location: Greece
Scope: Vulnerabilities in information technology (IT) products discovered by European Union (EU) Computer Security Incident Response Teams (CSIRTs) or reported to EU CSIRTs for coordinated disclosure, as long as they do not fall under a CNA with a more specific scope.
Top-Level Root: MITRE
Disclosure Policy location: https://csirtsnetwork.eu/homepage?tab=cvd
Advisory location: https://github.com/enisaeu/CNW/tree/main/advisories
Public point of contact: https://github.com/enisaeu/CNW/tree/main#vulnerability-disclosure-policies
CNA Type: Consortium

Organization Name: Milestone Systems A/S
Org Short Name: Milestone
Organization Location: Denmark
Scope: Supported Milestone XProtect products.
Top-Level Root: MITRE
Disclosure Policy location: https://www.milestonesys.com/psirt
Advisory location: https://www.milestonesys.com/support/help-and-documentation/cyber-security/recent-vulnerabilities/
Public point of contact: ps...@milestonesys.com
CNA Type: Vendor

Total CNAs: 353 CNAs (351 CNAs and 2 CNA-LRs)
Total Countries: 39 (+ 1 no country affiliation)

Respectfully,

CVE Program Secretariat
cve-prog-secretar...@mitre.org