How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange

CNCF [Cloud Native Computing Foundation] via YouTube

Overview

Explore the concept of VEX (Vulnerability-Exploitability eXchange) and its potential to revolutionize CVE management in this informative conference talk. Learn how VEX can significantly reduce CVE noise and improve vulnerability assessment processes for both small development teams and large-scale vulnerability management programs. Discover the integration of VEX with SBOMs (Software Bills of Materials) and its role in enhancing Zero Trust infrastructure. Gain insights into using VEX as a consumer to better determine vulnerability risks and mitigation strategies, as well as its application for vendors in effectively communicating actionable information to customers. Delve into topics such as software bills of materials, modeling gaps, mapping, policies, workflows, and the challenges associated with SBOMs. Examine the role of open source in VEX implementation and understand the structure of VEX documents. Conclude with a discussion on duplicate CVEs and the broader implications of VEX in the cybersecurity landscape.

Syllabus

Intro
Risk
Value
Cost
Log4Shell
Main Message
Software Bill of Materials
Modeling Gap
Mapping
Not everything is affected
Policies
VEX
Workflow
Gaps
Questions
SBOM
SBOM Problems
Open Source
VEX Documents
Is there a repository
CycloneDX
What VEX is trying to do
Duplicate CVEs
Conclusion

Taught by

CNCF [Cloud Native Computing Foundation]
