I agree with you there. Before CISA got sacked / taken down, they were working together with the BSI and other CERT agencies on a vulnerability exchange format.

This might be the optimum time to implement CSAF and to lead by example when it comes to vulnerability disclosures.