Good morning,

Is there a reason that ChromOS isn’t under the Alphabet/Google root? Am I 
missing some nuance?

Jay E. Gazlay
Cyber + Infrastructure Security Agency
“Simplify, then add lightness”

From: CVE Program Secretariat <>
Date: Tuesday, January 23, 2024 at 6:11 PM
To: CVE Editorial Board Discussion <>
Subject: ** Three New CNAs – ChromeOS Project, ENISA, and Milestone Systems **
CAUTION: This email originated from outside of DHS. DO NOT click links or open 
attachments unless you recognize and/or trust the sender. Contact your 
component SOC with questions or concerns.


The CVE Program is happy to announce three (3) new CNAs:
Organization Name: ChromeOS Project
Org Short Name: ChromeOS
Organization Location: USA
Scope: Vulnerabilities that are (1) reported to ChromeOS Security, (2) affect 
ChromeOS device software and hardware, including our open source dependencies, 
and (3) are not covered by another CNA’s scope.
Top-Level Root: MITRE
Disclosure Policy location:<;!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5iKHDDdog$>
Advisory location:<;!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5jkjfkcnA$>
Public point of contact:<>
CNA Type: Vendor, Bug Bounty Provider
Organization Name: EU Agency for Cybersecurity (ENISA)
Org Short Name: ENISA
Organization Location: Greece
Scope: Vulnerabilities in information technology (IT) products discovered by 
European Union (EU) Computer Security Incident Response Teams (CSIRTs) or 
reported to EU CSIRTs for coordinated disclosure, as long as they do not fall 
under a CNA with a more specific scope.
Top-Level Root: MITRE
Disclosure Policy location:<;!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5gOhEwuOg$>
Advisory location:<;!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5gtb9QyEg$>
Public point of contact:<*vulnerability-disclosure-policies__;Iw!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5jJSi-INA$>
CNA Type: Consortium
Organization Name: Milestone Systems A/S
Org Short Name: Milestone
Organization Location: Denmark
Scope: Supported Milestone XProtect products.
Top-Level Root: MITRE
Disclosure Policy location:<;!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5jhItLMvg$>
Advisory location:<;!!BClRuOV5cvtbuNI!DeMWZrVkr5Vktjnua2XtZMkVYLPlKOHnIYm9j4wnvG65N9LRdOffjmWmGq5hlwidkElGQ_DYAXOH7oIB5abg9Iy2B5jGQgvung$>
Public point of contact:<>
CNA Type: Vendor

Total CNAs: 353 CNAs (351 CNAs and 2 CNA-LRs)
Total Countries: 39 (+ 1 no country affiliation)

CVE Program Secretariat<>

[A picture containing text, clipart    Description automatically generated]

Reply via email to