On Tue, Dec 21, 2021 at 2:41 AM Ralph Goers <ralph.go...@dslextreme.com> wrote:
> Thanks Dick,
>
> I am totally unfamiliar with this. Is there somewhere to read about what this is all about?
>
> Ralph
>
> Resending, including Dick in the recipients.
>
> > On Dec 20, 2021, at 7:18 AM, Dick Brooks <d...@reliableenergyanalytics.com> wrote:
> >
> > Hello,
> >
> > This sort of suggestion would be better sent to our development mailing list (dev@logging.apache.org). I’ll note that we use Apache Maven for our build system, and a quick search shows that <https://github.com/CycloneDX/cyclonedx-maven-plugin> might be a useful plugin to propose for generating the SBOM as part of our standard release process. I do think it’s a good idea, but this topic should be discussed in our public list and not on the private list.
> >
> > --
> > Matt Sicker
> >
> > On Dec 19, 2021, at 12:48, Dick Brooks <d...@reliableenergyanalytics.com> wrote:
> >
> > I’ve created an SPDX SBOM for Log4j V 2.17.0-core along with a companion baseline vulnerability disclosure report (VDR), based on NIST NVD search results: https://github.com/rjb4standards/REA-Products/tree/master/Log4jUseCase
> >
> > Please read the README.md first to understand the limitations of this info.
> >
> > I encourage the Log4j team to consider updating the FixStatus and AnalysisFindings elements for each reported CVE. I’m happy to assist in this effort.
> >
> > Thanks,
> >
> > Dick Brooks
> > Never trust software, always verify and report! <https://reliableenergyanalytics.com/products> ™
> > http://www.reliableenergyanalytics.com
> > Email: d...@reliableenergyanalytics.com
> > Tel: +1 978-696-1788