Automated End-to-End VEX Streams You Can Trust

Explore the groundbreaking advancements in Vulnerability Exploitability Exchange (VEX) technology in this 19-minute conference talk by Adolfo García Veytia from Stacklok. Dive into the evolution of VEX over the past two years and discover how the recent adoption of OpenVEX in Go security tooling has revolutionized the field. Learn about the creation of automated VEX streams that eliminate human intervention and provide trustworthy vulnerability assessments based on compiler-generated reachability data. Witness the construction of a trusted end-to-end VEX stream, from code to scanner, and gain insights into the intricate details of a VEX document. Uncover the latest developments in the OpenVEX ecosystem and understand how this milestone marks a new era of maturity in vulnerability communication and management.