Followup to yesterday’s post on VEX
- Sep 16, 2021 2:33 pm GMT
My post yesterday discussed the concept of VEX, a document that can be described as a “negative security advisory”. The format for this document was recently developed by a working group in the NTIA software component transparency initiative, working in conjunction with the OASIS CSAF project. At the end of the post, I suggested that VEX could solve not just the problem it was designed to address - the fact that a large percentage of vulnerabilities found in components included in a software product aren’t in fact exploitable in the product itself - but a much wider problem.