change violation type to security and fix logger

Signed-off-by: Ross Murphy <[email protected]>

src/main/java/org/dependencytrack/policy/EpssPolicyEvaluator.java

@@ -30,7 +30,7 @@
 import alpine.common.logging.Logger;
 
 public class EpssPolicyEvaluator extends AbstractPolicyEvaluator {
-    private static final Logger LOGGER = Logger.getLogger(CpePolicyEvaluator.class);
+    private static final Logger LOGGER = Logger.getLogger(EpssPolicyEvaluator.class);
 
     /**
      * {@inheritDoc}

src/main/java/org/dependencytrack/policy/PolicyEngine.java

@@ -140,8 +140,8 @@ public PolicyViolation.Type determineViolationType(final PolicyCondition.Subject
             return null;
         }
         return switch (subject) {
-            case CWE, SEVERITY, VULNERABILITY_ID -> PolicyViolation.Type.SECURITY;
-            case AGE, COORDINATES, PACKAGE_URL, CPE, SWID_TAGID, COMPONENT_HASH, VERSION, VERSION_DISTANCE, EPSS ->
+            case CWE, SEVERITY, VULNERABILITY_ID, EPSS -> PolicyViolation.Type.SECURITY;
+            case AGE, COORDINATES, PACKAGE_URL, CPE, SWID_TAGID, COMPONENT_HASH, VERSION, VERSION_DISTANCE ->
                     PolicyViolation.Type.OPERATIONAL;
             case LICENSE, LICENSE_GROUP -> PolicyViolation.Type.LICENSE;
         };