Google Git
Sign in
go / website / 3c12c817e08464a18ccd5a117ef5dc01954cc999^! / .
commit3c12c817e08464a18ccd5a117ef5dc01954cc999[log] [tgz]
authorTatiana Bradley <tatianabradley@google.com>Thu Sep 01 11:42:33 2022 -0400
committerTatiana Bradley <tatiana@golang.org>Thu Sep 01 18:12:01 2022 +0000
treeb58dab61da6070f04379871a2e66425ebc4d5781
parent489a3a1de0dbc352bd59784cae654fa7b64921c4 [diff]
_content/security/vuln: update cna.md

Change-Id: I2f2d1b515e37f8179c25d9a4b6b6470a7a1653ef
Reviewed-on: https://go-review.googlesource.com/c/website/+/427477
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Brandon Kessler <bkessler@google.com>
Reviewed-by: Julie Qiu <julieqiu@google.com>

diff --git a/_content/security/vuln/cna.md b/_content/security/vuln/cna.md
index ea3e7a4..55a73a8 100644
--- a/_content/security/vuln/cna.md
+++ b/_content/security/vuln/cna.md

@@ -4,6 +4,7 @@
 ---
 
 ## Overview
+
 The Go CNA is a
 [CVE Numbering Authority](https://www.cve.org/ProgramOrganization/CNAs), which issues
 [CVE IDs](https://www.cve.org/ResourcesSupport/Glossary?activeTerm=glossaryCVEID) and publishes
@@ -11,34 +12,28 @@
 for public vulnerabilities in the Go ecosystem. It is a sub-CNA of the Google CNA.
 
 ## Scope
+
 The Go CNA covers vulnerabilities in the Go project (the Go
-[standard library](https://pkg.go.dev/std) and
+[standard library](/pkg) and
 [sub-repositories](https://pkg.go.dev/golang.org/x)) and public vulnerabilities
 in importable Go modules that are not already covered by another CNA.
 
 This scope is intended to explicitly exclude vulnerabilities in applications or
 packages written in Go that are not importable (for example, anything in
-package `main` or an `internal/` directory).
+package `main`). See [go.dev/security/vuln/database](/security/vuln/database) for more information on excluded reports.
 
 To report potential new vulnerabilities in the Go project, refer to
-[go.dev/security/policy](https://go.dev/security/policy).
+[go.dev/security/policy](/security/policy).
 
 ## Requesting a CVE ID for a public vulnerability
 
 **IMPORTANT**: The form linked below creates a public issue on the issue tracker, and therefore
-*must not* be used to report undisclosed vulnerabilites in Go (see our
-[security policy](https://go.dev/security/policy) for instructions on reporting
+*must not* be used to report undisclosed vulnerabilities in Go (see our
+[security policy](/security/policy) for instructions on reporting
 undisclosed issues).
 
 To request a CVE ID for an existing PUBLIC vulnerability in the Go ecosystem,
 [submit a request via this form](https://github.com/golang/vulndb/issues/new?assignees=&labels=Needs+Triage%2CDirect+External+Report&template=new_third_party_vuln.yml&title=x%2Fvulndb%3A+potential+Go+vuln+in+%3Cpackage%3E).
 
 A vulnerability is considered public if it has already been disclosed publicly, or it exists in a
-package you maintain (and you are ready to disclose it publicly).
-
-This is a new feature and is still in development; please give any feedback
-regarding the process to security@golang.org.
-
-## Contact
-
-For more information, email security@golang.org.
+package you maintain, and you are ready to disclose it publicly.