Very neat! Thanks for getting this started.
> On Nov 8, 2023, at 9:49 AM, Volkan Yazıcı <vol...@yazi.ci> wrote:
>
> Today I have published the CycloneDX Vulnerability Disclosure Report (VDR)
> <https://cyclonedx.org/capabilities/vdr> Piotr and I have been working on.
> This VDR is expected to contain all CVEs filed by Logging Services. All our
> SBOMs will point to this one-and-only VDR file with the most recent
> `logging-parent` release.
>
> *Public URL:* https://logging.apache.org/cyclonedx/vdr.xml
> *Canonical URL:*
> https://logging.apache.org/cyclonedx/urn:uuid:dfa35519-9734-4259-bba1-3e825cf4be06
> *Source:*
> https://github.com/apache/logging-site/blob/cyclonedx/urn%3Acdx%3Adfa35519-9734-4259-bba1-3e825cf4be06/1.xml
>
> I already filled in all CVEs published against Log4j. I will appreciate it
> if the rest of you can help us to do the same for Chainsaw, Log4cxx, etc.
>
> Please do create a PR for your changes (I will be more than happy to review
> them!) and follow a chronological order (newer CVE comes first) in
> `vulnerability` entries.
