Yet another small saying is, "put the code over the code that makes use of it", And so the logging need to be near the major, probably in \utilities.
A VEX file for a single, public CVE ID consists of in-depth details https://medium.com/@linkdaddy/what-is-a-source-file-226b0fd56812