Colleagues, On January 7, 2025, Thales Group<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/THA-PSIRT> was added as a Root under the MITRE Top-Level Root<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/mitre>.
The announcement below was published as a blog article on the CVE website and the CVE Blog on Medium and promoted to the community on CVE email lists and CVE social media platforms. CVE Program Expands Partnership with Thales Group The CVE(r) Program<https://cve.mitre.rip/> is expanding its partnership with Thales Group<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/THA-PSIRT> for managing the assignment of CVE Identifiers (CVE IDs)<https://cve.mitre.rip/ResourcesSupport/Glossary?activeTerm=glossaryCVEID> and publication of CVE Records<https://cve.mitre.rip/ResourcesSupport/Glossary?activeTerm=glossaryRecord> for the CVE Program. Thales Group is now designated as a "Root<https://cve.mitre.rip/ResourcesSupport/Glossary?activeTerm=glossaryRoot> for products and technologies of subsidiaries of Thales Group. As a Root, Thales Group is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the CVE Numbering Authorities (CNAs)<https://cve.mitre.rip/ProgramOrganization/CNAs> under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope. A CNA<https://cve.mitre.rip/ProgramOrganization/CNAs> is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. There are currently 435 CNAs<https://cve.mitre.rip/PartnerInformation/ListofPartners> (433 CNAs and 2 CNA-LRs) from 40 countries<https://cve.mitre.rip/ProgramOrganization/CNAs> and 1 no country affiliation actively participating in the CVE Program. Currently, Google<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/Google>, JPCERT/CC<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/jpcert>, Red Hat<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/redhat>, Spanish National Cybersecurity Institute (INCIBE)<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/INCIBE>, and Thales Group<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/THA-PSIRT> are Roots under the MITRE Top-Level Root<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/mitre>. CISA ICS<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/icscert> is a Root under the CISA Top-Level Root<https://cve.mitre.rip/PartnerInformation/ListofPartners/partner/CISA>. Learn more about how the CVE Program is organized on the Structure page on the CVE website<https://cve.mitre.rip/ProgramOrganization/Structure>. CVE Blog link for sharing: * https://medium.com/@cve_program/cve-program-expands-partnership-with-thales-group-6cb9d1d92e2e Respectfully, CVE Program Secretariat cve-prog-secretar...@mitre.org<mailto:cve-prog-secretar...@mitre.org> [A picture containing text, clipart Description automatically generated]
