Explore the challenges and potential solutions in open source security vulnerability management in this 45-minute talk. Examine the limitations of current vulnerability assessment approaches and compare available enterprise options. Discover how the Vulnerability Exchange Format (VEX) data standard can address the proliferation of CVEs and reduce false positives. Learn about a proposed contextual analysis framework for open source software security and gain insights into creating a more efficient future for the industry. Question traditional methods, analyze alternatives, and uncover strategies to improve vulnerability data quality and risk management in your organization.
VEXing Open Source Security - Vulnerability Data for Everything
Overview
Syllabus
VEXing Open Source Security: Vulnerability Data for Everything - Andrew Martin & Andres Vega
Taught by
Linux Foundation
Tags
Related Courses
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
OSV and the Life of an Open Source Vulnerability
-
Breaking Free from Vulnerability Scanning Noise - Automated VEX Aggregation for Accuracy
-
Open Source Supply Chain Security for Enterprises
-
How to Generate VEX Automatically for Your Project
-
Your Critical System Is - Not? - Vulnerable - CSAF, VEX, SBOM and the Future of Advisories
