We had a quick discussion about the use of CSAF in GCVE and especially about BCP-05 (if we stick with CVE record format or going for something more versatile).
In order to review, what’s possible, we did a quick extension for CSAF 2.1 CSD available at https://gcve.eu/schema/csaf/extensions/gcve-bcp-05-x-01_1.0.0.json and we tested a conversion of the GCVE enriched CVE dump
It’s still in very early stage. We also mention it to the CSAF OASIS TC.