forked from psf/policies
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add instructions for updating private CNA POCs
- Loading branch information
1 parent
61021b9
commit c194e1f
Showing
1 changed file
with
17 additions
and
3 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -5,15 +5,29 @@ title: CVE Numbering Authority | |
|
||
## Points of Contact (POC) | ||
|
||
- Seth Michael Larson | ||
- Ee Durbin | ||
Public: | ||
|
||
- `[email protected]` | ||
|
||
Private: | ||
|
||
- Seth Michael Larson (`[email protected]`) | ||
- Ee Durbin (`[email protected]`) | ||
- Jacob Coffee (`[email protected]`) | ||
|
||
All Points of Contact are subscribed to the [CNA email mailing list](https://mail.python.org/mailman3/lists/cna.python.org/). | ||
|
||
When updating any of the above Points of Contact, MITRE must be notified prior to making the change. | ||
The primary POC must have their phone number on file with MITRE in case a vulnerability is on the | ||
At least one private Point of Contact must have their phone number on file with MITRE in case a vulnerability is on the | ||
"Known Exploited Vulnerability" list and the CVE or advisory isn't published. | ||
|
||
Updates to the Points of Contact list should be sent using the [MITRE CVE form](https://cveform.mitre.org/): | ||
|
||
* Request type: Other | ||
* Enter your email address | ||
* Type of comment: Issue | ||
* Description: "Update Points of Contact list to be Public: [email protected], Private: ..." | ||
|
||
## CVE Services Organization Accounts | ||
|
||
The following accounts are Organization Accounts (OA) for CVE Services. | ||
|