doc: no longer maintain a CNA structure
Node.js hasn't touched the cve-management repo since the Feb 2019 security release, we've used the HackerOne CVE allocation process.
Maintaining our status as a CNA is not zero cost, there is some routine adminstration that is requested (see this doc for details).
As we no longer use the CVE management process, I propose removing it. If this lands, I will go through the interactions with Mitre so that Node.js is no longer a CNA and cleanup related resources (email aliases, archive the cve-management repo, whatever else I find).
Checklist
-
make -j4 test
(UNIX), orvcbuild test
(Windows) passes -
tests and/or benchmarks are included -
documentation is changed or added -
commit message follows commit guidelines