Merge pull request #986 from 'content-rjr-975'

Author: athu-tran

src/assets/data/CNAsList.json

@@ -2477,7 +2477,16 @@
     "scope": "All ESET products only and vulnerabilities discovered by ESET that are not covered by another CNA’s scope",
     "contact": [
       {
-        "email": [],
+        "email": [
+          {
+            "label": "Email ESET PSIRT",
+            "emailAddr": "security@eset.com"
+          },
+          {
+            "label": "Email ESET Research",
+            "emailAddr": "vulnerability.disclosures@eset.com"
+          }
+        ],
         "contact": [],
         "form": []
       }
@@ -2656,7 +2665,12 @@
     "contact": [
       {
         "email": [],
-        "contact": [],
+        "contact": [
+          {
+            "label": "Fedora Bug Report page",
+            "url": "https://fedoraproject.org/wiki/Bugs_and_feature_requests"
+          }
+        ],
         "form": []
       }
     ],
@@ -3048,7 +3062,12 @@
     "scope": "All products and services developed and operated by FPT Software, as well as vulnerabilities in third-party software discovered by FPT Software that are not in another CNA’s scope",
     "contact": [
       {
-        "email": [],
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "security@fsoft.com.vn"
+          }
+        ],
         "contact": [],
         "form": []
       }
@@ -6101,7 +6120,12 @@
     "contact": [
       {
         "email": [],
-        "contact": [],
+        "contact": [
+          {
+            "label": "Objective Development security page",
+            "url": "https://obdev.at/go/cna"
+          }
+        ],
         "form": []
       }
     ],
@@ -8737,62 +8761,6 @@
     },
     "country": "USA"
   },
-  {
-    "shortName": "Teradici",
-    "cnaID": "CNA-2020-0014",
-    "organizationName": "HP Teradici",
-    "scope": "Teradici issues only",
-    "contact": [
-      {
-        "email": [
-          {
-            "label": "Email",
-            "emailAddr": "security@teradici.com"
-          }
-        ],
-        "contact": [],
-        "form": []
-      }
-    ],
-    "disclosurePolicy": [
-      {
-        "label": "Policy",
-        "language": "",
-        "url": "https://support.hp.com/us-en/document/c06144280"
-      }
-    ],
-    "securityAdvisories": {
-      "alerts": [],
-      "advisories": [
-        {
-          "label": "Advisories",
-          "url": "https://support.hp.com/us-en/security-bulletins?_ga=2.52066153.1555391873.1648475616-2006159475.1648475616"
-        }
-      ]
-    },
-    "resources": [],
-    "CNA": {
-      "isRoot": false,
-      "root": {
-        "shortName": "n/a",
-        "organizationName": "n/a"
-      },
-      "type": [
-        "Vendors and Projects"
-      ],
-      "TLR": {
-        "shortName": "mitre",
-        "organizationName": "MITRE Corporation"
-      },
-      "roles": [
-        {
-          "helpText": "",
-          "role": "CNA"
-        }
-      ]
-    },
-    "country": "Canada"
-  },
   {
     "shortName": "TianoCore",
     "cnaID": "CNA-2020-0031",
@@ -12265,5 +12233,61 @@
       ]
     },
     "country": "USA"
-  }      
+  },
+  {
+    "shortName": "ASRG",
+    "cnaID": "CNA-2022-0006",
+    "organizationName": "Automotive Security Research Group (ASRG)",
+    "scope": "All automotive and related infrastructure vulnerabilities that are not in another CNA’s scope",
+    "contact": [
+      {
+        "email": [
+          {
+            "label": "Email",
+            "emailAddr": "cve@asrg.io"
+          }
+        ],
+        "contact": [],
+        "form": []
+      }
+    ],
+    "disclosurePolicy": [
+      {
+        "label": "Policy",
+        "language": "",
+        "url": "https://www.asrg.io/disclosure/"
+      }
+    ],
+    "securityAdvisories": {
+      "alerts": [],
+      "advisories": [
+        {
+          "label": "Advisories",
+          "url": "https://www.asrg.io/security-advisories/"
+        }
+      ]
+    },
+    "resources": [],
+    "CNA": {
+      "isRoot": false,
+      "root": {
+        "shortName": "n/a",
+        "organizationName": "n/a"
+      },
+      "roles": [
+        {
+          "helpText": "",
+          "role": "CNA"
+        }
+      ],
+      "TLR": {
+        "shortName": "icscert",
+        "organizationName": "Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)"
+      },
+      "type": [
+        "Vulnerability Researchers"
+      ]
+    },
+    "country": "USA"
+  }        
 ]

src/assets/data/news.json

@@ -1,5 +1,29 @@
 {
   "currentNews": [
+    {          
+      "id": 76,         
+      "newsType": "news",
+      "title": "Automotive Security Research Group (ASRG) Added as CVE Numbering Authority (CNA)",
+      "date": "2022-04-05",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "<a href='/PartnerInformation/ListofPartners/partner/ASRG'>Automotive Security Research Group (ASRG)</a> is now a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCNA'>CVE Numbering Authority (CNA)</a> for all automotive and related infrastructure vulnerabilities that are not in another CNA’s scope."
+        },
+        {
+          "contentnewsType": "paragraph", 
+          "content": "To date, <a href='/PartnerInformation/ListofPartners'>214</a> organizations from <a href='/ProgramOrganization/CNAs'>34</a> countries have partnered with the CVE Program. CNAs are organizations from around the world that are authorized to assign <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> to vulnerabilities affecting products within their distinct, agreed-upon scope, for inclusion in first-time public announcements of new vulnerabilities."
+        },
+        {
+          "contentnewsType": "paragraph", 
+          "content": "ASRG’s Root is the <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS Top-Level Root</a>."
+        },     
+        {
+          "contentnewsType": "paragraph", 
+          "content": "To request a CVE ID number from a CNA, visit <a href='/ResourcesSupport/ReportRequest#RequestCVEID'>Request a CVE ID</a>."
+        }
+      ]
+    },
     {
       "id": 75,
       "newsType": "news",
@@ -15,7 +39,7 @@
           "content": "The CVE Board is the organization responsible for the strategic direction, governance, operational structure, policies, and rules of the CVE Program. The Board includes members from numerous cybersecurity-related organizations including commercial security tool vendors, academia, research institutions, government departments and agencies, and other prominent security experts, as well as end-users of vulnerability information."
         }
       ]
-    },          
+    }, 
     {
       "id": 74,         
       "newsType": "news",

src/views/PartnerInformation/PartnerDetails.vue

@@ -15,7 +15,7 @@
                 <div class="level-item has-text-centered">
                   <div>
                     <p class="mb-1">Step 1: Read disclosure policy</p>
-                    <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-2 pl-0" v-if="partner.disclosurePolicy.length > 0">
+                    <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-1 pl-0" v-if="partner.disclosurePolicy.length > 0">
                       <li class="cve-list-no-bullet" v-for="(disclosurePolicy, index) in partner.disclosurePolicy"
                         :key="partner.shortName + 'disclosurePolicy' + index">
                         <a v-if="((disclosurePolicy.url).length) > 0" :href="disclosurePolicy.url" target="_blank">
@@ -30,20 +30,20 @@
                   <div>
                     <p class="mb-1">Step 2: Contact</p>
                     <div v-for="(contact, index) in partner.contact" :key="partner.shortName+'contact'+index">
-                      <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-2 pl-0" v-if="contact.email.length > 0">
+                      <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-1 pl-0" v-if="contact.email.length > 0">
                         <li class="cve-list-no-bullet" v-for="(email, index) in contact.email" :key="partner.shortName + 'email' + index">
                           <span v-if="email.label == email.emailAddr">
                             Email <a :href="'mailto:' + $sanitize(email.emailAddr)"> {{email.label}}</a>
                           </span>
                           <span v-else><a :href="'mailto:' + $sanitize(email.emailAddr)"> {{email.label}}</a></span>
                         </li>
                       </ul>
-                      <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-2 pl-0" v-if="contact.form.length > 0">
+                      <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-1 pl-0" v-if="contact.form.length > 0">
                         <li class="cve-list-no-bullet" v-for="(form, index) in contact.form" :key="partner.shortName + 'form' + index">
                           <a :href="form.url" target="_blank"> {{form.label}}</a>
                         </li>
                       </ul>
-                      <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-2 pl-0" v-if="contact.contact.length > 0">
+                      <ul class="tile-body cve-task-tile-list mt-1 mb-0 ml-3 pb-1 pl-0" v-if="contact.contact.length > 0">
                         <li class="cve-list-no-bullet" v-for="(contactPage, index) in contact.contact"
                           :key="partner.shortName + 'contactPage' + index">
                           <a :href="contactPage.url" target="_blank"> {{contactPage.label}}</a>
@@ -156,6 +156,9 @@ export default {
   font-size: 18px;
 }
 
+.level {
+  align-items: flex-start;
+}
 .level-item {
   padding-top: 8px;
 }

src/views/ResourcesSupport/ReportRequest.vue

@@ -19,11 +19,7 @@
             <div class="areYouAcnaSection content">
               <h3 class="title">Are you a CNA?</h3>
               <p>
-                Sign up for a
-                <a href="https://forms.monday.com/forms/03132d0646401f5d10d06c60e25444a1?r=use1" target="_blank">
-                  CVE Services Organizational Account
-                </a>
-                to obtain CVE IDs through the fully automated ID Reservation Service, or use the
+                Sign up for a CVE Services Organizational Account through your Root to obtain CVE IDs through the fully automated ID Reservation Service, or use the
                 <a href="https://cveform.mitre.org/" target="_blank">CVE Request Form</a> to request IDs manually.
               </p>
               <p>