marcelstoer commented on PR #4080: URL: https://github.com/apache/logging-log4j2/pull/4080#issuecomment-4327229198
No need to be sorry about this. You did what you could and I sure do appreciate that. > maybe you can convince your organization to source vulnerability records directly from the CVE database or GitHub Advisories? I'm involved with the OWASP Dependency Check project. We use it heavily at my org. > Not that the latter currently imports from NVD, so we had to manually improve the GitHub Advisories entry I have been through that process a couple of times myself. It's a huge benefit that the GHSA program accepting PRs for their entries. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
