Dear colleagues,
as discussed in today's TC meeting regarding Issue 832 "Need real examples of VEX based on actual products and known vulnerabilities, such as Log4J" (https://github.com/oasis-tcs/csaf/issues/832):
I hereby submit the following call to action and request that all TC members check whether they have valid CSAF VEX for the Log4Shell vulnerabilities and if so are able to share/link them in the issue. Please link or share them directly in the issue.
Best regards,
Thomas
------------------------------
Thomas Schmidt
Subject Matter Expert
Federal Office for Information Security (BSI) Germany
------------------------------