[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CNA requirements



So I'm looking at the CNA requirements for DWF CNA's, obviously most of 

https://cve.mitre.org/cve/cna.html

pretty much directly applies. But one thing I have run into in other situations is single point of contact, and the person leaves/etc. I'm thinking for the case of a lot of smaller Open Source projects you usually have a main developer so I think a single point of contact being a problem is moot here (since without them the project won't get updates, let alone CVEs). I was wondering what other people thought? 

--
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Red Hat Product Security contact: secalert@redhat.com

Page Last Updated or Reviewed: May 17, 2016