Explore the complexities of software security in this 32-minute conference talk from the Cloud Native Computing Foundation (CNCF). Gain a high-level overview of four essential concepts in software security: Vulnerability Exposure Factor (VEX), Exploit Probability and Severity Score (EPSS), Common Vulnerability Scoring System (CVSS), and Software Bill of Materials (SBOMs). Learn how to assess the reachability and exploitability of vulnerabilities within software applications as systems grow increasingly complex. Discover strategies for generating and managing SBOMs for compliance purposes, and explore methods for automating policy and GitOps practices to enhance security posture. Delve into the importance of understanding these frameworks to ensure robust security measures in modern software development and deployment.
Understanding Exploitability with VEX, EPSS, and Other Standard Frameworks
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Syllabus
Understanding Exploitability with VEX, EPSS, and Other Standard Frameworks - Ayse Kaya, Root
Taught by
CNCF [Cloud Native Computing Foundation]
Related Courses
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
SBOMs, VEX, and Kubernetes - Software Supply Chain Security in Cloud Native Environments
-
How to Generate VEX Automatically for Your Project
-
Breaking Free from Vulnerability Scanning Noise - Automated VEX Aggregation for Accuracy
-
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers
-
VEX Overview - Cybersecurity and Infrastructure Security Agency
