I looked on english.ncsc.nl's news section (it's the most recently published article) and it seems to be referencing OpenBSD's security page as the reason this "CVD" doesn't involve the developers and thus isn't really a CVD.
The link is over linelen characters long and it may have gotten truncated.
On 29 October 2021 17:52:09 UTC, Jean St-Laurent via NANOG <nanog@nanog.org> wrote: