open external links in new tab (#23)

* add {:target="_blank"} to external links

* remove extra {:target="_blank"}

.github/ISSUE_TEMPLATE/question.md

@@ -9,5 +9,5 @@ assignees: ''
 
 *Note:* Questions for the CERT Guide to CVD team can be asked here in the form of an issue.
 More general questions directed at the CERT Guide to CVD user community
-might be a better fit in the [Q&A](https://github.com/CERTCC/CERT-Guide-to-CVD/discussions/categories/q-a) category of our
-[Discussions](https://github.com/CERTCC/CERT-Guide-to-CVD/discussions) area.
+might be a better fit in the [Q&A](https://github.com/CERTCC/CERT-Guide-to-CVD/discussions/categories/q-a){:target="_blank"} category of our
+[Discussions](https://github.com/CERTCC/CERT-Guide-to-CVD/discussions){:target="_blank"} area.

README.md

@@ -1,16 +1,16 @@
 # CERT® Guide to Coordinated Vulnerability Disclosure
 
 This repository contains the full content of the
-[CERT Guide to Coordinated Vulnerability Disclosure](https://certcc.github.io/CERT-Guide-to-CVD)
+[CERT Guide to Coordinated Vulnerability Disclosure](https://certcc.github.io/CERT-Guide-to-CVD){:target="_blank"}
 as a collection of markdown files.
 
 We welcome contributions to the Guide.
 Please see the [CONTRIBUTING.md](CONTRIBUTING.md) file for more information.
 
 The original 2017 version of the Guide is available as a PDF in the
-[SEI Resource Library](https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=503330).
+[SEI Resource Library](https://resources.sei.cmu.edu/library/asset-view.cfm?assetid=503330){:target="_blank"}.
 The most up-to-date version is available as a web site:
-[CERT Guide to Coordinated Vulnerability Disclosure](https://certcc.github.io/CERT-Guide-to-CVD)
+[CERT Guide to Coordinated Vulnerability Disclosure](https://certcc.github.io/CERT-Guide-to-CVD){:target="_blank"}
 
 If you have a suggestion for a change, clarification, or addition to the
-Guide, please [submit an issue](https://github.com/CERTCC/CERT-Guide-to-CVD/issues).
+Guide, please [submit an issue](https://github.com/CERTCC/CERT-Guide-to-CVD/issues){:target="_blank"}.

docs/_includes/_NIST_SP_800-40.md

@@ -1,6 +1,6 @@
 !!! info "NIST SP 800-40"
 
-    [NIST SP 800-40 Rev. 4 _Guide to Enterprise Patch Management Planning_](https://csrc.nist.gov/pubs/sp/800/40/r4/final)
+    [NIST SP 800-40 Rev. 4 _Guide to Enterprise Patch Management Planning_](https://csrc.nist.gov/pubs/sp/800/40/r4/final){:target="_blank"}
     frames patch management as preventative maintenance for information systems.
     Skimming the section headings of NIST SP 800-40 provides a good overview of the process and
     objectives of VM practices:

docs/_includes/_community_engagement.md

@@ -8,22 +8,22 @@ to make the site better, so don't hesitate to reach out.
 
 <div class="grid cards" markdown>
 
-- :fontawesome-regular-comments: [**Join the conversation**](https://github.com/CERTCC/CERT-Guide-to-CVD/discussions)
+- :fontawesome-regular-comments: [**Join the conversation**](https://github.com/CERTCC/CERT-Guide-to-CVD/discussions){:target="_blank"}
 
     ---
     Have a question or want to discuss something? Join the conversation on the CERT Guide to CVD Community Discussions.
 
-- :material-message-question: [**Ask a Question**](https://github.com/CERTCC/CERT-Guide-to-CVD/issues/new?template=question.md)
+- :material-message-question: [**Ask a Question**](https://github.com/CERTCC/CERT-Guide-to-CVD/issues/new?template=question.md){:target="_blank"}
 
     ---
     Have a question about the content of the site? Ask it here.
 
-- :fontawesome-solid-bug: [**Report a Problem**](https://github.com/CERTCC/CERT-Guide-to-CVD/issues/new?template=bug_report.md)
+- :fontawesome-solid-bug: [**Report a Problem**](https://github.com/CERTCC/CERT-Guide-to-CVD/issues/new?template=bug_report.md){:target="_blank"}
 
     ---
     Found a problem with the site? Report it here.
 
-- :material-lightbulb-on: [**Request a Feature**](https://github.com/CERTCC/CERT-Guide-to-CVD/issues/new?template=feature_request.md)
+- :material-lightbulb-on: [**Request a Feature**](https://github.com/CERTCC/CERT-Guide-to-CVD/issues/new?template=feature_request.md){:target="_blank"}
 
     ---
     Have an idea for a feature you'd like to see on the site? Request it here.

docs/_includes/_eff_advice.md

@@ -1,4 +1,4 @@
 !!! info "EFF Coder's Rights Project Vulnerability Reporting FAQ"
 
     The EFF provides some guidance on the legal aspects of the vulnerability disclosure
-    process in their [Coders’ Rights Project Vulnerability Reporting FAQ](https://www.eff.org/issues/coders/vulnerability-reporting-faq)
+    process in their [Coders’ Rights Project Vulnerability Reporting FAQ](https://www.eff.org/issues/coders/vulnerability-reporting-faq){:target="_blank"}

docs/_includes/_first_psirt.md

@@ -27,7 +27,7 @@
         ```
 
     FIRST has published a
-    [PSIRT Services Framework](https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1) that
+    [PSIRT Services Framework](https://www.first.org/standards/frameworks/psirts/psirt_services_framework_v1.1){:target="_blank"} that
     provides a comprehensive guide to the services that a PSIRT can provide.
     It is organized into Service Areas, Services, Functions, and Sub-Functions.
     The diagram at right shows the top-level Service Areas.

docs/_includes/_mobile_supply_chain.md

@@ -16,7 +16,7 @@
 
     Historically, the smartphone market provides a clear example of the effect of 
     the software supply chain on vulnerability response. 
-    In a 2015 [blog post](https://insights.sei.cmu.edu/blog/supporting-android-ecosystem/),
+    In a 2015 [blog post](https://insights.sei.cmu.edu/blog/supporting-android-ecosystem/){:target="_blank"},
     we discussed the complexity of the Android ecosystem and the challenges of coordinating vulnerability
     disclosure and patch deployment in that environment at the time.
 

docs/_includes/_psirt_example.md

@@ -1,10 +1,10 @@
 !!! example inline end "PSIRT Examples"
 
-    - [Microsoft Security Response Center](https://www.microsoft.com/en-us/msrc)
+    - [Microsoft Security Response Center](https://www.microsoft.com/en-us/msrc){:target="_blank"}
     (MSRC)
-    - [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/home.x)
-    - [Intel Product Security](https://www.intel.com/content/www/us/en/security-center/default.html)
-    - [Apple Product Security](https://www.apple.com/support/security/)
+    - [Cisco PSIRT](https://sec.cloudapps.cisco.com/security/center/home.x){:target="_blank"}
+    - [Intel Product Security](https://www.intel.com/content/www/us/en/security-center/default.html){:target="_blank"}
+    - [Apple Product Security](https://www.apple.com/support/security/){:target="_blank"}
 
     Many vendor PSIRTs are active in the
-    [Forum of Incident Response and Security Teams](https://www.first.org/members/teams) (FIRST).
+    [Forum of Incident Response and Security Teams](https://www.first.org/members/teams){:target="_blank"} (FIRST).

docs/_includes/_report_certcc.md

@@ -1,4 +1,4 @@
 !!! tip "Reporting a Vulnerability to CERT/CC"
 
     You can request the CERT/CC's assistance in coordinating a vulnerability disclosure process
-    by submitting a report through the CERT/CC's [Vulnerability Reporting Form](https://kb.cert.org/vuls/report/) (VRF).
+    by submitting a report through the CERT/CC's [Vulnerability Reporting Form](https://kb.cert.org/vuls/report/){:target="_blank"} (VRF).

docs/_includes/_rmm_vm_content.md

@@ -1,6 +1,6 @@
-[Vulnerability Analysis and Resolution](https://insights.sei.cmu.edu/library/vulnerability-analysis-and-resolution-var-cert-rmm-process-area/)
+[Vulnerability Analysis and Resolution](https://insights.sei.cmu.edu/library/vulnerability-analysis-and-resolution-var-cert-rmm-process-area/){:target="_blank"}
 (VAR) is an operational process
-described within the [CERT Resilience Management Model](https://insights.sei.cmu.edu/library/cert-resilience-management-model-cert-rmm-collection/)
+described within the [CERT Resilience Management Model](https://insights.sei.cmu.edu/library/cert-resilience-management-model-cert-rmm-collection/){:target="_blank"}
 (RMM) that closely overlaps with the concept of
 Vulnerability Management. Although the RMM is designed with a focus on
 operational resilience for organizations, there is sufficient overlap

docs/_includes/_what_is_coord.md

@@ -2,7 +2,7 @@
 
     !!! example inline end "CERT Vulnerability Notes"
 
-        The CERT/CC's security advisories are known as [*Vulnerability Notes*](https://www.kb.cert.org/vuls).
+        The CERT/CC's security advisories are known as [*Vulnerability Notes*](https://www.kb.cert.org/vuls){:target="_blank"}.
 
     Coordination is the process by which multiple parties coordinate to
     share information regarding a vulnerability, with the goal of producing

docs/about/acknowledgements.md

@@ -20,7 +20,7 @@ and Garret Wassermann
 
 We also acknowledge the contributions of
 
-- the broader [CERT Division](https://www.sei.cmu.edu/about/divisions/cert/), part of the [Software Engineering Institute](https://www.sei.cmu.edu) at [Carnegie Mellon University](https://www.cmu.edu)
-- the [GitHub community](https://github.com/CERTCC/CERT-Guide-to-CVD/graphs/contributors)
+- the broader [CERT Division](https://www.sei.cmu.edu/about/divisions/cert/){:target="_blank"}, part of the [Software Engineering Institute](https://www.sei.cmu.edu){:target="_blank"} at [Carnegie Mellon University](https://www.cmu.edu){:target="_blank"}
+- the [GitHub community](https://github.com/CERTCC/CERT-Guide-to-CVD/graphs/contributors){:target="_blank"}
 
 who have provided feedback and suggestions that have helped shape this documentation.

docs/about/sightings.md

@@ -5,20 +5,20 @@
 
     ------------------------------------------------------------------------
 
-    - 2021-06-24 - [See Something, Say Something: Coordinating the Disclosure of Security Vulnerabilities in Canada](https://www.cybersecurepolicy.ca/vulnerability-disclosure) (Cyberspace Policy Exchange)
-    - 2020-03-23 - [The CERT Guide to Coordinated Vulnerability Disclosure](https://insights.sei.cmu.edu/library/the-cert-guide-to-coordinated-vulnerability-disclosure/) (SEI Podcast)
-    - 2019-09-17 - [Update on the CERT Guide to Coordinated Vulnerability Disclosure](https://insights.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/) - (Software Engineering Institute)
-    - 2018-12-14 - [Economics of Vulnerability Disclosure](https://www.enisa.europa.eu/publications/economics-of-vulnerability-disclosure) (ENISA)
-    - 2018-10-23 - [The Criticality of Coordinated Disclosure in Modern Cybersecurity](https://web.archive.org/web/20230114003158/https://republicans-energycommerce.house.gov/wp-content/uploads/2018/10/10-23-18-CoDis-White-Paper.pdf) (US House Energy and Commerce Committee, Majority Staff)
-    - 2018-10-10 - [Announcing Arduino's Coordinated Vulnerability Disclosure Policy](https://blog.arduino.cc/2018/10/10/announcing-arduino-coordinated-vulnerability-disclosure-policy/) (Arduino)
-    - 2018-09-18 - [It Takes a Village: How Hacktivity Can Save Your Company](https://publications.atlanticcouncil.org/hacktivity/) (Atlantic Council)
-    - 2018-07-26 - [SEI Response to Senate and House Committees regarding Coordinated Vulnerability Disclosure](https://web.archive.org/web/20200810085618/https://republicans-energycommerce.house.gov/wp-content/uploads/2018/08/CERT-Response-MultiParty-CVD-Congressional-Letter.pdf) (Software Engineering Institute)
-    - 2018-07-17 - [Letter to SEI from House Committee on Energy and Commerce and Senate Committee on Commerce, Science, and Transportation regarding Coordinated Vulnerability Disclosure](https://web.archive.org/web/20230112063739/https://republicans-energycommerce.house.gov/wp-content/uploads/2018/07/071718-SEI-Spectre-Meltdown.pdf) (US House & Senate)
-    - 2018-07-11 - [Senate Testimony regarding Complex Cybersecurity Vulnerabilities: Lessons Learned from Spectre and Meltdown](https://www.commerce.senate.gov/public/index.cfm/hearings?Id=77835497-EC96-41E8-B311-5AF789F38422&Statement_id=518CD2D5-87E5-4A64-B619-7E09C85174AF) (Art Manion's testimony to the US Senate)
-    - 2018-06-28 - [Software Vulnerability Disclosure in Europe: Technology, Policies and Legal Challenges](https://www.ceps.eu/ceps-publications/software-vulnerability-disclosure-europe-technology-policies-and-legal-challenges/) (Centre for European Policy Studies)
-    - 2018-02-07 - [Response to US House Energy and Commerce Committee regarding Meltdown and Spectre](https://web.archive.org/web/20180924112647/https://energycommerce.house.gov/wp-content/uploads/2018/02/MSFT-Spectre-Response-to-EC-Committee-.pdf) (Microsoft)
-    - 2018-01-31 - [Response to US House Energy and Commerce Committee regarding Meltdown and Spectre](https://web.archive.org/web/20180924112525/https://energycommerce.house.gov/wp-content/uploads/2018/02/Intel-Corp-response-HEC-FINAL.pdf) (Intel)
-    - 2017-11-28 - [AMA with Authors of The CERT Guide to Coordinated Vulnerability Disclosure](https://youtu.be/oshHrujqPjc) (HackerOne)
-    - 2017-10-26 - [Your TL;DR Summary of the CERT Guide to Coordinated Vulnerability Disclosure](https://www.hackerone.com/blog/Your-TLDR-Summary-of-The-CERT-Guide-to-Coordinated-Vulnerability-Disclosure) (HackerOne)
-    - 2017-08-16 - [This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly](https://www.cyberscoop.com/carnegie-mellon-sei-cert-vulnerability-disclosure/) (cyberscoop)
-    - 2017-08-15 - [CERT Guide to Coordinated Vulnerability Disclosure Released](https://insights.sei.cmu.edu/news/cert-guide-to-coordinated-vulnerability-disclosure-released/) (Software Engineering Institute)
+    - 2021-06-24 - [See Something, Say Something: Coordinating the Disclosure of Security Vulnerabilities in Canada](https://www.cybersecurepolicy.ca/vulnerability-disclosure){:target="_blank"} (Cyberspace Policy Exchange)
+    - 2020-03-23 - [The CERT Guide to Coordinated Vulnerability Disclosure](https://insights.sei.cmu.edu/library/the-cert-guide-to-coordinated-vulnerability-disclosure/){:target="_blank"} (SEI Podcast)
+    - 2019-09-17 - [Update on the CERT Guide to Coordinated Vulnerability Disclosure](https://insights.sei.cmu.edu/blog/update-on-the-cert-guide-to-coordinated-vulnerability-disclosure/){:target="_blank"} - (Software Engineering Institute)
+    - 2018-12-14 - [Economics of Vulnerability Disclosure](https://www.enisa.europa.eu/publications/economics-of-vulnerability-disclosure){:target="_blank"} (ENISA)
+    - 2018-10-23 - [The Criticality of Coordinated Disclosure in Modern Cybersecurity](https://web.archive.org/web/20230114003158/https://republicans-energycommerce.house.gov/wp-content/uploads/2018/10/10-23-18-CoDis-White-Paper.pdf){:target="_blank"} (US House Energy and Commerce Committee, Majority Staff)
+    - 2018-10-10 - [Announcing Arduino's Coordinated Vulnerability Disclosure Policy](https://blog.arduino.cc/2018/10/10/announcing-arduino-coordinated-vulnerability-disclosure-policy/){:target="_blank"} (Arduino)
+    - 2018-09-18 - [It Takes a Village: How Hacktivity Can Save Your Company](https://publications.atlanticcouncil.org/hacktivity/){:target="_blank"} (Atlantic Council)
+    - 2018-07-26 - [SEI Response to Senate and House Committees regarding Coordinated Vulnerability Disclosure](https://web.archive.org/web/20200810085618/https://republicans-energycommerce.house.gov/wp-content/uploads/2018/08/CERT-Response-MultiParty-CVD-Congressional-Letter.pdf){:target="_blank"} (Software Engineering Institute)
+    - 2018-07-17 - [Letter to SEI from House Committee on Energy and Commerce and Senate Committee on Commerce, Science, and Transportation regarding Coordinated Vulnerability Disclosure](https://web.archive.org/web/20230112063739/https://republicans-energycommerce.house.gov/wp-content/uploads/2018/07/071718-SEI-Spectre-Meltdown.pdf){:target="_blank"} (US House & Senate)
+    - 2018-07-11 - [Senate Testimony regarding Complex Cybersecurity Vulnerabilities: Lessons Learned from Spectre and Meltdown](https://www.commerce.senate.gov/public/index.cfm/hearings?Id=77835497-EC96-41E8-B311-5AF789F38422&Statement_id=518CD2D5-87E5-4A64-B619-7E09C85174AF){:target="_blank"} (Art Manion's testimony to the US Senate)
+    - 2018-06-28 - [Software Vulnerability Disclosure in Europe: Technology, Policies and Legal Challenges](https://www.ceps.eu/ceps-publications/software-vulnerability-disclosure-europe-technology-policies-and-legal-challenges/){:target="_blank"} (Centre for European Policy Studies)
+    - 2018-02-07 - [Response to US House Energy and Commerce Committee regarding Meltdown and Spectre](https://web.archive.org/web/20180924112647/https://energycommerce.house.gov/wp-content/uploads/2018/02/MSFT-Spectre-Response-to-EC-Committee-.pdf){:target="_blank"} (Microsoft)
+    - 2018-01-31 - [Response to US House Energy and Commerce Committee regarding Meltdown and Spectre](https://web.archive.org/web/20180924112525/https://energycommerce.house.gov/wp-content/uploads/2018/02/Intel-Corp-response-HEC-FINAL.pdf){:target="_blank"} (Intel)
+    - 2017-11-28 - [AMA with Authors of The CERT Guide to Coordinated Vulnerability Disclosure](https://youtu.be/oshHrujqPjc){:target="_blank"} (HackerOne)
+    - 2017-10-26 - [Your TL;DR Summary of the CERT Guide to Coordinated Vulnerability Disclosure](https://www.hackerone.com/blog/Your-TLDR-Summary-of-The-CERT-Guide-to-Coordinated-Vulnerability-Disclosure){:target="_blank"} (HackerOne)
+    - 2017-08-16 - [This one matters, too: Carnegie Mellon issues guide to disclosing software vulnerabilities responsibly](https://www.cyberscoop.com/carnegie-mellon-sei-cert-vulnerability-disclosure/){:target="_blank"} (cyberscoop)
+    - 2017-08-15 - [CERT Guide to Coordinated Vulnerability Disclosure Released](https://insights.sei.cmu.edu/news/cert-guide-to-coordinated-vulnerability-disclosure-released/){:target="_blank"} (Software Engineering Institute)

docs/howto/coordination/_report_credibility.md

@@ -2,8 +2,8 @@
 
 !!! ssvc inline end "SSVC's Report Credibility Decision Point"
 
-    The content in this section is adapted from the CERT/CC's [Stakeholder-Specific Vulnerability Categorization (SSVC)](https://certcc.github.io/SSVC/)
-    [Report Credibility Decision Point](https://certcc.github.io/SSVC/reference/decision_points/report_credibility/) documentation.
+    The content in this section is adapted from the CERT/CC's [Stakeholder-Specific Vulnerability Categorization (SSVC)](https://certcc.github.io/SSVC/){:target="_blank"}
+    [Report Credibility Decision Point](https://certcc.github.io/SSVC/reference/decision_points/report_credibility/){:target="_blank"} documentation.
 
 An analyst should start with a presumption of credibility and proceed toward disqualification.
 The reason for this is that, as a coordinator, occasionally doing a bit of extra work on a bad report is preferable to rejecting legitimate reports.
@@ -14,7 +14,7 @@ Credibility assessment topics include indicators for and against credibility, pe
 
 ## Credibility Indicators
 
-The credibility of a report is assessed by a [balancing test](https://lsolum.typepad.com/legaltheory/2013/08/legal-theory-lexicon-balancing-tests.html).
+The credibility of a report is assessed by a [balancing test](https://lsolum.typepad.com/legaltheory/2013/08/legal-theory-lexicon-balancing-tests.html){:target="_blank"}.
 The indicators for or against are not commensurate, and so they cannot be put on a scoring scale, summed, and weighed.
 
 !!! note Credibility Definition

docs/howto/coordination/cvd_recipes.md

@@ -33,7 +33,7 @@ In addition to the advice found below, we encourage readers to be familiar with
 </div>
 
 Did you notice something we missed in this list?
-We're taking [suggestions](https://github.com/CERTCC/CERT-Guide-to-CVD/issues).
+We're taking [suggestions](https://github.com/CERTCC/CERT-Guide-to-CVD/issues){:target="_blank"}.
 
 ## CVD Problem-Solving Recipe Cards