From efccb7fe3929026271efc5e2fa078c0e4c74dc14 Mon Sep 17 00:00:00 2001
From: liujingang09
Date: Thu, 25 Jun 2020 00:00:42 +0800
Subject: [PATCH] add blog for announce cna
---
.../liujingang09/2020-6-24-announce-cna.md | 34 +++++++++++++++++++
.../liujingang09/2020-6-24-announce-cna-zh.md | 22 ++++++++++++
2 files changed, 56 insertions(+)
create mode 100644 content/en/blog/liujingang09/2020-6-24-announce-cna.md
create mode 100644 content/zh/blog/liujingang09/2020-6-24-announce-cna-zh.md
diff --git a/content/en/blog/liujingang09/2020-6-24-announce-cna.md b/content/en/blog/liujingang09/2020-6-24-announce-cna.md
new file mode 100644
index 0000000..35b66e8
--- /dev/null
+++ b/content/en/blog/liujingang09/2020-6-24-announce-cna.md
@@ -0,0 +1,34 @@
++++
+title = "openEuler Becomes a Member of the CNA Program"
+date = "2020-06-24"
+tags = ["CVE", "CNA", "Security"]
+archives = "2020-06-24"
+author = "liujingang09, openEuler Security Committee"
+summary = "openEuler Becomes a Member of the CNA Program"
++++
+
+### openEuler Becomes a Member of the CNA Program
+
+The openEuler community attaches great importance to the community version security. To quickly respond to and handle security issues related to the openEuler, the community has developed a complete vulnerability management policy. On June 24, 2020, openEuler joins the CVE Numbering Authority (CNA) Program. Currently, openEuler is entitled to assign and manage CVEs related to the openEuler community. By joining the CNA Program, openEuler applies mature vulnerability management standards in the industry to promote the community cyber security.
+
+The security committee of openEuler community is responsible for building community security engineering and improving vulnerability response capabilities. We hope that security experts and enthusiasts who are interested in openEuler can join our hands to enhance the openEuler community security.
+
+#### Vulnerability management policy:
+ https://openeuler.org/en/security.html
+#### What is CVE?
++ CVE is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities.
++ The CVE IDs assigned through the registry enable program stakeholders to rapidly discover and correlate vulnerability information used to protect systems against attacks.
++ The CVE List is built by CVE Numbering Authorities (CNAs). Every CVE Entry added to the list is assigned by a CNA.
++ The CVE List feeds the U.S. National Vulnerability Database (NVD).
+#### CVE Value:
++ CVE enables two or more people or tools to refer to a vulnerability and know they are talking about the same thing, resulting in significant time and cost savings.
+#### CVE is Community Driven:
++ The CVE Program relies on the community (vendors, end users, researchers, and more) to discover and register vulnerabilities.
++ CVE IDs are assigned by CVE Numbering Authorities (CNAs), which are operated on a voluntary basis by participating organizations.
++ The CVE Board, which drives the direction of the CVE Program, consists of industry, academic, and government representatives from around the world.
++ CVE Working Groups develop the program’s policies (approved by the CVE Board) and are open to the community.
+#### Sponsored by:
++ [The CVE Program](https://cve.mitre.org/) is sponsored by the Cybersecurity and Infrastructure Security Agency (CISA, [https://www.cisa.gov/](https://www.cisa.gov/)of the U.S. Department of Homeland Security (DHS) and is operated by [the MITRE Corporation](https://www.mitre.org/) in close collaboration with international industry, academic, and government stakeholders
+#### What are CNAs (CVE Numbering Authorities)
++ CNAs are organizations authorized by the CVE Program to assign CVE IDs to vulnerabilities affecting products within their distinct, agreed-upon scope.
+
diff --git a/content/zh/blog/liujingang09/2020-6-24-announce-cna-zh.md b/content/zh/blog/liujingang09/2020-6-24-announce-cna-zh.md
new file mode 100644
index 0000000..06614b0
--- /dev/null
+++ b/content/zh/blog/liujingang09/2020-6-24-announce-cna-zh.md
@@ -0,0 +1,22 @@
++++
+title = "openEuler正式成为CNA,获得CVE颁发资质"
+date = "2020-06-24"
+tags = ["CVE", "CNA", "Security"]
+archives = "2020-06-24"
+author = "liujingang09, openEuler Security Committee"
+summary = "openEuler正式成为CNA,获得CVE颁发资质"
++++
+
+### openEuler正式成为CNA,获得CVE颁发资质
+openEuler非常重视社区版本的安全性,制定了一套完整的漏洞管理策略,快速的响应和处理openEuler相关的安全问题。2020年6月24日openEuler顺利通过CNA(CVE Numbering Authorities)加入程序,成为CVE编号授权机构,openEuler同时也拥有颁发和管理openEuler社区相关CVE编号的资质。openEuler通过加入CNA,遵循业界成熟的漏洞管理标准,以促进openEuler社区安全的持续发展。
+
+openEuler安全委员会一直致力于提升社区安全和隐私保护能力,欢迎关注openEuler的安全专家和爱好者加入openEuler安全委员会,与我们一起构建openEuler社区安全。
+
+#### openEuler漏洞管理策略:
+https://openeuler.org/zh/security.html
+
+### 关于CVE
+全称是 Common Vulnerabilities & Exposures 通用漏洞披露,建立于 1999年9月。 CVE是一个漏洞字典表,每个漏洞都拥有一个唯一的CVE编码。用户可以通过唯一的CVE编码在漏洞数据库或安全工具中快速的找到漏洞影响范围和修补信息,以便快速的确认系统受漏洞影响情况和获取解决方案。
+
+### 关于CNA
+全称是 CVE Numbering Authority,即“CVE编号授权机构”,CNA包括供应商、开源项目、漏洞研究人员、国家/行业CERT等,成为CNA将可以在授权范围内分配和管理CVE编号。
--
GitLab