Add list of contraindictors for becoming a CNA

docs/guides/becoming-a-cna-as-an-open-source-org-or-project.md

@@ -34,6 +34,15 @@ Below are some of the benefits of becoming a CNA:
 * **CVEs can't be issued for projects in a CNA's scope without first reporting to the CNA.** This means that reporters _must_ initially engage with your CNA, thus reducing confusion and allowing subject-matter experts on the project and security policy to weigh in on whether to create a CVE for a given disclosure.
 * **Assign CVE IDs without needing to share embargoed information with other organizations.** This allows the project to determine for themselves  who, if anyone, needs or gets pre-disclosure information.
 
+In addition to the requirements detailed below the following should be considered before becoming a CNA:
+
+* **You don't need to become a CNA to get CVEs issued for your project**. Multiple CNAs already cover OSS projects
+  like Red Hat and GitHub. Becoming a new CNA should only be considered if the existing CNAs don't meet
+  the needs of the project.
+* **Becoming a CNA adds a new commitment.** You must have the time and knowledge necessary to implement CNA processes.
+  Being a CNA is an ongoing commitment so your project should have multiple people able to manage the CNA and plans for continuity.
+* **Issuing CVEs is the most important role of a CNA.** If you don't plan on issuing CVEs then becoming a CNA is not necessary.
+
 ## Requirements to become a CNA
 
 Before becoming a CNA you can look at the below set of requirements to make sure joining the CNA Program is feasible for your project or organization. **Remember that you can always leave and rejoin the CNA Program at a later date if circumstances change.**