CNA information difficult to obtain without scraping and parsing all CVEs

[nisamson]

There is a mapping between some GUIDs and CNAs that exists in the providerMetadata fields, e.g.

"providerMetadata": {
  "dateUpdated": "2022-07-03T22:16:27",
  "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
  "shortName": "ibm"
}

However, there doesn't appear to be a way to gather a mapping of these organizational IDs or a clear way to get additional information about them, e.g. a contact email or a longer form name. It would be very useful to have a dictionary of this information for correlation with some downstream consumers of the CVE.org data like NIST NVD who are currently just using the UUID when they publish their information.

Additionally, even though it is public, there is no way of programmatically obtaining the contact information for or the name of a CNA even though this information is public without scraping the CVE.org website (if there is, please correct me; I can't find any indication of such an offering existing).

[jgamblin]

@nisamson,

It is not an "officially supported" method, but I use the JSON from the GitHub repo for this information to stop from having to scrape the site: https://raw.githubusercontent.com/CVEProject/cve-website/main/src/assets/data/CNAsList.json

The JSON has not been updated to include the orgID but I opened a request on the website repo to see if it is possible to add that. CVEProject/cve-website#2907

[M-nj]

See this for a mapping of Org ID to CNA full names.
https://www.cve.org/cve-partner-name-map.json

[jgamblin]

@M-nj Thank you so much! That is so helpful!

[jgamblin]

@M-nj this file is now empty? It was populated this morning.

[M-nj]

@M-nj this file is now empty? It was populated this morning.

This has been a known issue for that file, however it may have been patched as of Sept 11th, 2024. Please see CVEProject/cve-website#1996 (comment). If this issue persists, feel free to contribute to that issue.

[mprpic]

This is essentially a duplicate of CVEProject/automation-working-group#133. Please add specific use cases that would be met if this data were to be published in official form (instead of a set of unofficial website assets). Thank you!