Add instructions for updating private CNA POCs

skmproduction · Aug 22, 2024 · c194e1f · c194e1f
1 parent 61021b9
commit c194e1f
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/docs/python.org/CVE-Numbering-Authority.md b/docs/python.org/CVE-Numbering-Authority.md
@@ -5,15 +5,29 @@ title: CVE Numbering Authority
 
 ## Points of Contact (POC)
 
-- Seth Michael Larson
-- Ee Durbin
+Public:
+
+- `[email protected]`
+
+Private:
+
+- Seth Michael Larson (`[email protected]`)
+- Ee Durbin (`[email protected]`)
+- Jacob Coffee (`[email protected]`)
 
 All Points of Contact are subscribed to the [CNA email mailing list](https://mail.python.org/mailman3/lists/cna.python.org/).
 
 When updating any of the above Points of Contact, MITRE must be notified prior to making the change.
-The primary POC must have their phone number on file with MITRE in case a vulnerability is on the
+At least one private Point of Contact must have their phone number on file with MITRE in case a vulnerability is on the
 "Known Exploited Vulnerability" list and the CVE or advisory isn't published.
 
+Updates to the Points of Contact list should be sent using the [MITRE CVE form](https://cveform.mitre.org/):
+
+* Request type: Other
+* Enter your email address
+* Type of comment: Issue
+* Description: "Update Points of Contact list to be Public: [email protected], Private: ..."
+
 ## CVE Services Organization Accounts
 
 The following accounts are Organization Accounts (OA) for CVE Services.