A guide for open source projects interested in issuing and managing their own CVE IDs through the CVE Numbering Authority (CNA) program.
As a software developer, before using open source software (OSS) dependencies or tools, identify candidates and evaluate the leading ones against your needs.
Guidance for Security Researchers to Coordinate Vulnerability Disclosures with Open Source Software Projects
Intended to help security researchers (aka “Finders”) engage with open source software (OSS) project maintainers to kick off and participate in the coordinated vulnerability response process.
Intended to help open source project maintainers create and maintain a coordinated vulnerability response process.