Not that it’s relevant to adopt right away, but do note that there is a CVSS 4.0 now (that was finished quite recently) which is supposed to produce more useful severity scores.
> On Nov 6, 2023, at 2:17 PM, Volkan Yazıcı <vol...@yazi.ci> wrote: > > I have created #1948 <https://github.com/apache/logging-log4j2/pull/1948> > refactoring the Log4j security page. See the PR description for details. > Reviews are welcome.