doc: no longer maintain a CNA structure (!33639) · Merge requests · Rodrigo Test / Test Group-nodejs / node

Rodrigo Muino Tomonari requested to merge github/fork/sam-github/rm-cna-management into master May 29, 2020

Node.js hasn't touched the cve-management repo since the Feb 2019 security release, we've used the HackerOne CVE allocation process.

Maintaining our status as a CNA is not zero cost, there is some routine adminstration that is requested (see this doc for details).

As we no longer use the CVE management process, I propose removing it. If this lands, I will go through the interactions with Mitre so that Node.js is no longer a CNA and cleanup related resources (email aliases, archive the cve-management repo, whatever else I find).

Checklist

make -j4 test (UNIX), or vcbuild test (Windows) passes
tests and/or benchmarks are included
documentation is changed or added
commit message follows commit guidelines

Admin message

Admin message

doc: no longer maintain a CNA structure

Checklist

Merge request reports