CNA activity #4
Description
Collecting several discussions, there are questions about how CNA membership is maintained.
ossf/wg-vulnerability-disclosures#139
Required activity, publishing CVE Records within a period of time?
Does the Program send heartbeat notifications?
Practice may be that CNAs are only removed if there is a complaint or specific reason (and perhaps also lack of publication)?
This may warrant explanation in the CNA Operational Rules revision.