Skip to content

doc: stop managing CVEs

Rodrigo Muino Tomonari requested to merge github/fork/sam-github/stop-being-a-cve into master

@nodejs/tsc We are now using HackerOne to receive vulnerability reports, and one of the services they offer is CVE allocation.

I propose we:

  1. contact Mitre and request no longer being a CNA
  2. remove this document
  3. archive https://github.com/nodejs-private/cve-management
  4. remove CVE related mail aliases from https://github.com/nodejs/email

Tagging TSC agenda, I think this needs agreement from TSC.

Merge request reports