Explore the challenges and potential solutions in open source security vulnerability management in this 45-minute talk. Examine the limitations of current vulnerability assessment approaches and compare available enterprise options. Discover how the Vulnerability Exchange Format (VEX) data standard can address the proliferation of CVEs and reduce false positives. Learn about a proposed contextual analysis framework for open source software security and gain insights into creating a more efficient future for the industry. Question traditional methods, analyze alternatives, and uncover strategies to improve vulnerability data quality and risk management in your organization.
VEXing Open Source Security - Vulnerability Data for Everything
Overview
Syllabus
VEXing Open Source Security: Vulnerability Data for Everything - Andrew Martin & Andres Vega
Taught by
Linux Foundation
Tags
Related Courses
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
How to Generate VEX Automatically for Your Project
-
Enabling VEX and Full SBOM Coverage with Wolfi Based Containers
-
OWASP Flagship Projects - OWASP Dependency-Check
-
Your Critical System Is - Not? - Vulnerable - CSAF, VEX, SBOM and the Future of Advisories
-
Practical Approach to Automate the Discovery and Eradication of Open-Source Software Vulnerabilities
