-
Publish (or be ready to publish) a stable public reference or GTFO, providing sufficient evidence of vulnerability, ideally PoC. "Stable" means "do not delete the markdown file on GitHub a couple days later."
-
Do not make multiple parallel assignment requests from different CNAs.
-
Provide the CNA as much information as possible to produce a good quality CVE Record. Consider providing a JSON file in the CVE Record Format (you could use Vulnogram).