Can non-CNA Suppliers provide SADP information? How? Through CNA-LRs? Can CNA-LRs provide such information proactively without a request from the non-CNA Supplier, or only when requested?
There may be CRA implications, as manufacturers are required to convey information about vulnerabilities.
Example: https://cveawg-test.mitre.org/api/cve/CVE-2026-20538
Can non-CNA Suppliers provide SADP information? How? Through CNA-LRs? Can CNA-LRs provide such information proactively without a request from the non-CNA Supplier, or only when requested?
There may be CRA implications, as manufacturers are required to convey information about vulnerabilities.
Example: https://cveawg-test.mitre.org/api/cve/CVE-2026-20538