11/20/25 release branch (#3775)

* #3773 Update AWG c-chairs on Working Groups page

* #3771 Add ENISA as Root

Author: rroberge

public/images/news/NewCVEProgramRoot.png

@@ -19736,7 +19736,7 @@
     "shortName": "ENISA",
     "cnaID": "CNA-2024-0008",
     "organizationName": "EU Agency for Cybersecurity (ENISA)",
-    "scope": "Vulnerabilities in information technology (IT) products discovered by European Union (EU) Computer Security Incident Response Teams (CSIRTs) or reported to EU CSIRTs for coordinated disclosure, as long as they do not fall under a CNA with a more specific scope.",
+    "scope": "<strong>Root Scope:</strong> European Union (EU) member states/EU authorities, EU CSIRTs network members, and cooperative partners under ENISA’s mandate as well as other CNAs who choose ENISA as their Root<br/><br/><strong>CNA Scope:</strong> Vulnerabilities in information technology (IT) products discovered by European Union (EU) Computer Security Incident Response Teams (CSIRTs) or reported to EU CSIRTs for coordinated disclosure, as long as they do not fall under a CNA with a more specific scope.",
     "contact": [
       {
         "email": [],
@@ -19773,6 +19773,10 @@
         "organizationName": "n/a"
       },
       "roles": [
+        {
+          "helpText": "",
+          "role": "Root"
+        },
         {
           "helpText": "",
           "role": "CNA"
@@ -24168,7 +24172,7 @@
         "email": [
           {
             "label": "Email",
-            "emailAddr": "cve-coordination@s21sec.com"
+            "emailAddr": "es.dis.s21sec.cve.coordination@thalesgroup.com"
           }
         ],
         "contact": [],

src/assets/data/CNAsList.json

@@ -1,5 +1,99 @@
 {
   "currentNews": [
+    {
+      "id": 604,
+      "newsType": "blog",
+      "title": "CVE Program Expands Partnership with European Union Agency for Cybersecurity (ENISA)—ENISA Is Now a Root in the CVE Program",
+      "urlKeywords": "ENISA Root CVE Program",
+      "date": "2025-11-20",
+      "author": {
+        "name": "CVE Program",
+        "organization": {
+          "name": "CVE Program",
+          "url": ""
+        },
+        "title": "",
+        "bio": ""
+      },
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "The <a href='/'>CVE Program</a> is expanding its partnership with the <a href='/PartnerInformation/ListofPartners/partner/ENISA'>European Union Agency for Cybersecurity (ENISA)</a> for managing the assignment of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publication of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for the CVE Program. ENISA is now designated as a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Root</a> for EU member states/EU authorities, EU CSIRTs network members, and cooperative partners under ENISA’s mandate as well as other <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> who choose ENISA as their Root."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The addition of ENISA as Root is a significant milestone for the CVE Program. ENISA’s new role directly supports shared goals around expanding international participation in operational and governance roles. It also demonstrates continued progress by the program in growing the Root community and advancing federated operations where additional organizations help scale CNA engagement, onboarding, and data quality across respective program hierarchies."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "As a Root, ENISA is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the <a href='/ProgramOrganization/CNAs'>CNAs</a> under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "A <a href='/ProgramOrganization/CNAs'>CNA</a> is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. There are currently <a href='/PartnerInformation/ListofPartners'>483 CNAs</a> (480 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation actively participating in the CVE Program."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For existing CNAs who are eligible and interested in moving under ENISA’s Root, the CVE Program encourages a collaborative and voluntary transition. The CVE Program will closely engage with each organization to ensure a smooth transition process. A transition period is foreseen for those CNAs who intend to change Root. The phased approach by ENISA will allow for thoughtful coordination, ongoing support, and alignment with the preferences and operational needs of each CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "As a Root, ENISA will join the CVE Program Council of Roots, which focuses on operational coordination across the CVE Program’s Root hierarchies. At an international level, CVE Program Roots include MITRE, CISA, Google, and Red Hat from the US, and JPCERT/CC from Japan. Within the EU, Roots include INCIBE Cert, Thales Group, and, most recently, CERT@VDE."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Currently, <a href='/PartnerInformation/ListofPartners/partner/ENISA'>ENISA</a>, <a href='/PartnerInformation/ListofPartners/partner/Google'>Google</a>, <a href='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, <a href='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>, <a href='/PartnerInformation/ListofPartners/partner/INCIBE'>Spanish National Cybersecurity Institute (INCIBE)</a>, and <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a> are Roots under the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>. <a href='/PartnerInformation/ListofPartners/partner/CERTVDE'>CERT@VDE</a> and <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a> are Roots under the <a href='/PartnerInformation/ListofPartners/partner/CISA'>CISA Top-Level Root</a>. Learn more about how the CVE Program is organized on the <a href='/ProgramOrganization/Structure'>Structure page</a> on the CVE website."
+        },
+        {
+          "contentnewsType": "image",
+          "imageWidth": "",
+          "href": "/news/NewCVEProgramRoot.png",
+          "altText": "New CVE Program Root"
+        }
+      ]
+    },
+    {
+      "id": 603,
+      "displayOnHomepageOrder": 0,
+      "newsType": "press-release",
+      "title": "CVE Program Expands Partnership with European Union Agency for Cybersecurity (ENISA)&mdash;ENISA Is Now a Root in the CVE Program",
+      "urlKeywords": "ENISA Root CVE Program",
+      "date": "2025-11-20",
+      "description": [
+        {
+          "contentnewsType": "paragraph",
+          "content": "FOR IMMEDIATE RELEASE &mdash; The <a href='/'>CVE Program</a> is expanding its partnership with the <a href='/PartnerInformation/ListofPartners/partner/ENISA'>European Union Agency for Cybersecurity (ENISA)</a> for managing the assignment of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryCVEID'>CVE Identifiers (CVE IDs)</a> and publication of <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRecord'>CVE Records</a> for the CVE Program. ENISA is now designated as a <a href='/ResourcesSupport/Glossary?activeTerm=glossaryRoot'>Root</a> for EU member states/EU authorities, EU CSIRTs network members, and cooperative partners under ENISA’s mandate as well as other <a href='/ProgramOrganization/CNAs'>CVE Numbering Authorities (CNAs)</a> who choose ENISA as their Root."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "The addition of ENISA as Root is a significant milestone for the CVE Program. ENISA’s new role directly supports shared goals around expanding international participation in operational and governance roles. It also demonstrates continued progress by the program in growing the Root community and advancing federated operations where additional organizations help scale CNA engagement, onboarding, and data quality across respective program hierarchies."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "As a Root, ENISA is responsible for ensuring the effective assignment of CVE IDs, implementing the CVE Program rules and guidelines, and managing the <a href='/ProgramOrganization/CNAs'>CNAs</a> under its care. It is also responsible for recruitment and onboarding of new CNAs and resolving disputes within its scope."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "A <a href='/ProgramOrganization/CNAs'>CNA</a> is an organization responsible for the regular assignment of CVE IDs to vulnerabilities, and for creating and publishing information about the vulnerability in the associated CVE Record. Each CNA has a specific scope of responsibility for vulnerability identification and publishing. There are currently <a href='/PartnerInformation/ListofPartners'>483 CNAs</a> (480 CNAs and 3 CNA-LRs) from <a href='/ProgramOrganization/CNAs'>40 countries</a> and 1 no country affiliation actively participating in the CVE Program."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "For existing CNAs who are eligible and interested in moving under ENISA’s Root, the CVE Program encourages a collaborative and voluntary transition. The CVE Program will closely engage with each organization to ensure a smooth transition process. A transition period is foreseen for those CNAs who intend to change Root. The phased approach by ENISA will allow for thoughtful coordination, ongoing support, and alignment with the preferences and operational needs of each CNA."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "As a Root, ENISA will join the CVE Program Council of Roots, which focuses on operational coordination across the CVE Program’s Root hierarchies. At an international level, CVE Program Roots include MITRE, CISA, Google, and Red Hat from the US, and JPCERT/CC from Japan. Within the EU, Roots include INCIBE Cert, Thales Group, and, most recently, CERT@VDE."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "Currently, <a href='/PartnerInformation/ListofPartners/partner/ENISA'>ENISA</a>, <a href='/PartnerInformation/ListofPartners/partner/Google'>Google</a>, <a href='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</a>, <a href='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</a>, <a href='/PartnerInformation/ListofPartners/partner/INCIBE'>Spanish National Cybersecurity Institute (INCIBE)</a>, and <a href='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</a> are Roots under the <a href='/PartnerInformation/ListofPartners/partner/mitre'>MITRE Top-Level Root</a>. <a href='/PartnerInformation/ListofPartners/partner/CERTVDE'>CERT@VDE</a> and <a href='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</a> are Roots under the <a href='/PartnerInformation/ListofPartners/partner/CISA'>CISA Top-Level Root</a>. Learn more about how the CVE Program is organized on the <a href='/ProgramOrganization/Structure'>Structure page</a> on the CVE website."
+        },
+        {
+          "contentnewsType": "paragraph",
+          "content": "MEDIA CONTACT<br/><a href='mailto:[email protected]'>[email protected]</a>"
+        }
+      ]
+    },
     {
       "id": 602,
       "newsType": "blog",

src/assets/data/news.json

@@ -38,14 +38,15 @@
               (<router-link to='/PartnerInformation/ListofPartners/partner/CERTVDE'>CERT@VDE</router-link>
               and
               <router-link to='/PartnerInformation/ListofPartners/partner/icscert'>CISA ICS</router-link>),
-              multiple CNAs, and one CNA-LR managed by the CISA ICS Root. The MITRE TL-Root hierarchy includes five Roots
-              (<router-link to='/PartnerInformation/ListofPartners/partner/Google'>Google</router-link>,
+              multiple CNAs, and one CNA-LR managed by the CISA ICS Root. The MITRE TL-Root hierarchy includes six Roots
+              (<router-link to='/PartnerInformation/ListofPartners/partner/ENISA'>ENISA</router-link>, 
+              <router-link to='/PartnerInformation/ListofPartners/partner/Google'>Google</router-link>,
               <router-link to='/PartnerInformation/ListofPartners/partner/INCIBE'>INCIBE</router-link>,
               <router-link to='/PartnerInformation/ListofPartners/partner/jpcert'>JPCERT/CC</router-link>,
               <router-link to='/PartnerInformation/ListofPartners/partner/redhat'>Red Hat</router-link>, and
               <router-link to='/PartnerInformation/ListofPartners/partner/THA-PSIRT'>Thales Group</router-link>),
               multiple CNAs, and two CNA-LRs, one managed by Red Hat for its own Root hierarchy and one managed by the MITRE TL-Root.
-              In both TL-Root hierarchies, each of the seven Roots also manages their own CNAs.
+              In both TL-Root hierarchies, each of the eight Roots also manages their own CNAs.
             </p>
             <p>
               <router-link to='/ProgramOrganization/ADPs'>Authorized Data Publishers (ADPs)</router-link>

src/assets/images/CVEProgramStructure.png

@@ -35,7 +35,7 @@
             class="title">
             {{cvenavs['Program Organization']['submenu']['Working Groups']['items']['Automation Working Group (AWG)']['label']}}</h2>
             <p>
-              Chair: Kris Britton
+              Co-Chairs: Kris Britton, Terrell Mitchell, and Dave Welch
             </p>
             <p>
               The AWG is focused on identifying and advancing proposals for the collaborative design, development, and deployment of