Good morning,

Is there a reason that ChromeOS isn’t under the Alphabet/Google root? Am I missing some nuance?

Jay E. Gazlay
202.262.7284
Cyber + Infrastructure Security Agency
“Simplify, then add lightness”

From: CVE Program Secretariat <cve-prog-secretar...@mitre.org>
Date: Tuesday, January 23, 2024 at 6:11 PM
To: CVE Editorial Board Discussion <cve-editorial-board-list@mitre.org>
Subject: ** Three New CNAs – ChromeOS Project, ENISA, and Milestone Systems **

Colleagues,

The CVE Program is happy to announce three (3) new CNAs:

Organization Name: ChromeOS Project
Org Short Name: ChromeOS
Organization Location: USA
Scope: Vulnerabilities that are (1) reported to ChromeOS Security, (2) affect ChromeOS device software and hardware, including our open source dependencies, and (3) are not covered by another CNA’s scope.
Top-Level Root: MITRE
Disclosure Policy location: https://www.google.com/about/appsecurity/research/
Advisory location: https://chromereleases.googleblog.com/
Public point of contact: chromeos-secur...@chromium.org
CNA Type: Vendor, Bug Bounty Provider

Organization Name: EU Agency for Cybersecurity (ENISA)
Org Short Name: ENISA
Organization Location: Greece
Scope: Vulnerabilities in information technology (IT) products discovered by European Union (EU) Computer Security Incident Response Teams (CSIRTs) or reported to EU CSIRTs for coordinated disclosure, as long as they do not fall under a CNA with a more specific scope.
Top-Level Root: MITRE
Disclosure Policy location: https://csirtsnetwork.eu/homepage?tab=cvd
Advisory location: https://github.com/enisaeu/CNW/tree/main/advisories
Public point of contact: https://github.com/enisaeu/CNW/tree/main#vulnerability-disclosure-policies
CNA Type: Consortium

Organization Name: Milestone Systems A/S
Org Short Name: Milestone
Organization Location: Denmark
Scope: Supported Milestone XProtect products.
Top-Level Root: MITRE
Disclosure Policy location: https://www.milestonesys.com/psirt
Advisory location: https://www.milestonesys.com/support/help-and-documentation/cyber-security/recent-vulnerabilities/
Public point of contact: ps...@milestonesys.com
CNA Type: Vendor

Total CNAs: 353 CNAs (351 CNAs and 2 CNA-LRs)
Total Countries: 39 (+ 1 no country affiliation)

Respectfully,

CVE Program Secretariat
cve-prog-secretar...@mitre.org