2026年1月5日的 CVE 记录漏洞数据富化:263 个 CNA 列入富化认可名单
CVE 计划博客 · 4 分钟阅读 · 2 天前
2026 年 1 月 5 日的 “CNA 富化认可名单” 现已发布,共列入 263 个 CNA。该名单每月在 CVE 网站上发布一次,用于表彰那些在其 CVE 记录 中积极提供增强漏洞数据的 CVE 编号授权机构(CNA)。如果一个 CNA 在其最近发布的记录中,至少有 98% 的记录同时提供了 通用漏洞评分系统(CVSS) 和 通用弱点枚举(CWE™),并且这些记录是在其最近一条记录发布后的两周内发布的,则该 CNA 会被加入该名单。
CNA 富化认可名单的标准和报告机制,旨在表彰那些通过额外工作提升 CVE 记录对下游用户价值的 CNA,并鼓励其他机构也采取同样的做法。富化认可名单的标准可能随时间变化。最近一次修改发生在 2025 年 6 月,数据拉取周期从每两周一次(基于过去 12 个月的数据)调整为当前每月一次(基于过去 6 个月的数据)。
关于认可名单的更多信息,请参阅《表彰为 CVE 记录主动提供漏洞数据富化的 CNA》。要了解 CVSS 和 CWE 等漏洞信息类型,请参见《CVE 记录用户指南》。在 CVE 网站指标页面可查看最新的 CNA 富化认可名单。
获取 CVE 计划博客故事到您的收件箱
免费加入 Medium 以接收来自该作者的更新。
2026 年 1 月 5 日 CNA 富化认可名单(共 263 个 CNA)列出如下:
Acronis International GmbH, Adobe Systems Incorporated, Advanced Micro Devices Inc., Airbus, AlgoSec, Altera, Amazon, AMI, ARC Informatique, Arista Networks, Inc., Armis, Inc., Asea Brown Boveri Ltd., ASR Microelectronics Co., Ltd., ASUSTeK Computer Incorporation, ASUSTOR Inc., ATI Soluciones Diseño de Sistemas Electrónicos, S.L., Austin Hackers Anonymous, Autodesk, Automotive Security Research Group (ASRG), Axis Communications AB, AxxonSoft Limited, Azure Access Technology, BeyondTrust Inc., Bitdefender, Bizerba SE & Co. KG, Black Duck Software, Inc., Black Lantern Security, BlackBerry, Brocade Communications Systems LLC, a Broadcom Company, Bugcrowd Inc., Canon EMEA, Canon Inc., Canonical Ltd., Carrier Global Corporation, Cato Networks, Centreon, CERT.PL, CERT@VDE, Check Point Software Technologies Ltd., Checkmarx, Checkmk GmbH, cirosec GmbH, Cisco Systems, Inc., Citrix Systems, Inc., Cloudflare, Inc., Commvault Systems Inc, Concrete CMS, ConnectWise LLC, Crestron Electronics, Inc., CrowdStrike Holdings, Inc., CyberArk Labs, CyberDanube, Cybersecurity and Infrastructure Security Agency (CISA) U.S. Civilian Government, Dahua Technologies, Danfoss, Dassault Systèmes, Dell EMC, Delta Electronics, Inc., Digi International Inc., Docker Inc., dotCMS LLC, Dragos, Inc., Eaton, Eclipse Foundation, Elastic, EnterpriseDB Corporation, Environmental Systems Research Institute, Inc. (Esri), Ericsson, Erlang Ecosystem Foundation, ESET, spol. s r.o., EU Agency for Cybersecurity (ENISA), Extreme Networks, Inc., F5 Networks, Fedora Project (Infrastructure Software), Fermax Technologies SLU, Financial Security Institute (FSI), Flexera Software LLC, floragunn GmbH, Fluid Attacks, Fortinet, Inc., Fortra, LLC, Foxit Software Incorporated, Gallagher Group Ltd, GE Vernova, Genetec Inc., GitHub (maintainer security advisories), GitHub Inc. (Products Only), GitLab Inc., Glyph & Cog, LLC, GNU C Library, Google Cloud, Google LLC, Government Technology Agency of Singapore Cyber Security Group (GovTech CSG), Gridware Cybersecurity, Hallo Welt! GmbH, Hanwha Vision Co., Ltd., Harborist, HashiCorp Inc., HCL Software, HeroDevs, HiddenLayer, Inc., Hitachi Energy, Hitachi Vantara, Hitachi, Ltd., Honeywell International Inc., Honor Device Co., Ltd., HP Inc., Huawei Technologies, HYPR Corp, IBM Corporation, ICS-CERT, Indian Computer Emergency Response Team (CERT-In), Insyde Software, Intel Corporation, Internet Systems Consortium (ISC), Israel National Cyber Directorate, Ivanti, Jaspersoft, JetBrains s.r.o., JFROG, Johnson Controls, JPCERT/CC, Kaspersky, KNIME AG, KrCERT/CC, Kubernetes, Larry Cashdollar, Legion of the Bouncy Castle Inc., Lenovo Group Ltd., Lexmark International Inc., LG Electronics, Liferay, Inc., M-Files Corporation, Mandiant Inc., Mattermost, Inc, Mautic, Medtronic, Microchip Technology, Microsoft Corporation, Milestone Systems A/S, Mitsubishi Electric Corporation, Monash University — Cyber Security Incident Response Team, MongoDB, Moxa Inc., N-able, National Cyber Security Centre — Netherlands (NCSC-NL), National Cyber Security Centre Finland, National Instruments, NEC Corporation, Neo4j, NetApp, Inc., NETGEAR, Netskope, NLnet Labs, NortonLifeLock Inc, Nozomi Networks Inc., Nvidia Corporation, OceanBase, Okta, Omnissa, LLC, OMRON Corporation, ONEKEY GmbH, Open Design Alliance, Open-Xchange, OpenHarmony, OpenJS Foundation, OpenText (formerly Micro Focus), OPPO, OTRS AG, Palantir Technologies, Palo Alto Networks, Panasonic Holdings Corporation, PaperCut Software Pty Ltd, Pegasystems, PHP Group, Ping Identity Corporation, Progress Software Corporation, Proofpoint Inc., Protect AI, Pure Storage, Inc., QNAP Systems, Inc., Qualcomm, Inc., Qualys, Inc., Radiometer Medical ApS, rami.io GmbH, Rapid7, Inc., Real-Time Innovations, Inc., Red Hat, Inc., Ribose Limited, Robert Bosch GmbH, Roche Diagnostics, Rockwell Automation, S21sec Cyber Solutions by Thales, SailPoint Technologies, Samsung TV & Appliance, SAP SE, Schneider Electric SE, Seagate Technology, Security Risk Advisors, ServiceNow, SICK AG, Siemens, Silicon Labs, Snyk, Softing, SoftIron, SolarWinds, Solidigm, Sonatype Inc., Sophos, Spanish National Cybersecurity Institute, S.A., StrongDM, Super Micro Computer, Inc., Suse, Switzerland National Cyber Security Centre (NCSC), Synaptics, Synology Inc., Talos, TCS-CERT, TeamViewer Germany GmbH, Temporal Technologies Inc., Teradyne Robotics, Thales Group, The Browser Company of New York, The Document Foundation, The Missing Link Australia (TML), The Qt Company, The Rust Project, The Tcpdump Group, The Wikimedia Foundation, TianoCore.org, TIBCO Software Inc., Toreon, TP-Link Systems Inc., TR-CERT (Computer Emergency Response Team of the Republic of Turkey), Trellix, Trend Micro, Inc., TWCERT/CC, TYPO3 Association, upKeeper Solutions, Vaadin Ltd., VMware, VulDB, VulnCheck, WatchGuard Technologies, Inc., Western Digital, Wind River Systems Inc., Wiz, Inc., wolfSSL Inc., Wordfence, WSO2 LLC, Xerox Corporation, Yandex N.V., Yugabyte, Inc., Zabbix, Zephyr Project, Zero Day Initiative, Zohocorp, Zoom Video Communications, Inc., Zscaler, Inc., ZTE Corporation, ZUSO Advanced Research Team (ZUSO ART), Zyxel Corporation CSD0tFqvECLokhw9aBeRquSkmOZHYDlxpay7ASWWeDANDN7iicrR7tm7OEkjXIhWVdrLYCM1RTl2aZpZn/dsFFQxO99k8leLUEeFgmB7K6cIPba5HEUvOZHyhAzYMZXqJ8b3+4fpU8gxko04cBdxTmLGhRFpfPHYr2ZpR4Eh11nI+kCYqzJ0ilvJ1BhKIgFO
