Hi all! Many of our projects struggle with the format of creating Mitre CVEs and various text representations of vulnerabilities needed for public mailing lists as per our security policy.
But, one of the CVE automation working group members has been working on a nice javascript tool that simplifies all this (https://vulnogram.github.io/), and I'm working with it and him on making it so we can do an easy customisation to guide ASF projects through the process. The tool runs standalone just static content once built (it may pull from /public jsons too) so I'd really just need somewhere I can commit to that appears under whimsy. In the future the tool may even be able to submit direct to Mitre so it'd make sense to start it with requiring /committer/ access to run it. So this could be as simple as agreeing a location and allowing me to update things there? Mark
