On Tue, Dec 21, 2021 at 2:41 AM Ralph Goers <ralph.go...@dslextreme.com>
wrote:

> Thanks Dick,
>
> I am totally unfamiliar with this. Is there somewhere to read about what
> this is all about?
>
> Ralph
>

Resending, including Dick in the recipients.


>
> > On Dec 20, 2021, at 7:18 AM, Dick Brooks <d...@reliableenergyanalytics.com> wrote:
> >
> > Hello,
> >
> > This sort of suggestion would be better sent to our development mailing
> > list (dev@logging.apache.org). I’ll note that we use Apache Maven for our
> > build system, and a quick search shows that
> > <https://github.com/CycloneDX/cyclonedx-maven-plugin> might be a useful
> > plugin to propose for generating the SBOM as part of our standard release
> > process. I do think it’s a good idea, but this topic should be discussed in
> > our public list and not on the private list.
> > --
> > Matt Sicker
> >
> >
> > On Dec 19, 2021, at 12:48, Dick Brooks <d...@reliableenergyanalytics.com> wrote:
> >
> > I’ve created an SPDX SBOM for Log4j V 2.17.0-core along with a companion
> > baseline vulnerability disclosure report (VDR), based on NIST NVD search
> > results:
> > https://github.com/rjb4standards/REA-Products/tree/master/Log4jUseCase
> >
> > Please read the README.md first to understand the limitations of this
> > info.
> >
> > I encourage the Log4j team to consider updating the FixStatus and
> > AnalysisFindings elements for each reported CVE. I’m happy to assist in
> > this effort.
> >
> > Thanks,
> >
> > Dick Brooks
> > Never trust software, always verify and report! <https://reliableenergyanalytics.com/products> ™
> > http://www.reliableenergyanalytics.com
> > Email: d...@reliableenergyanalytics.com
> > Tel: +1 978-696-1788
> >
>
>
