Digital Utility Group
The mission of this group is to bring together utility professionals in the power industry who are in the thick of the digital utility transformation.
Shared Link
Vulnerability and Exploitability Transparency - VDR & VEX | OWASP Foundation
Many thanks to Steve Springett with the OWASP organization for documenting the differences between the NIST Vulnerability Disclosure Report standard and the many, differing, VEX proposals that are being floated. (Click Read More) below for Steve's analysis.
NIST VDR is the only stable standard available to report software vulnerabilities at the SBOM component level that also serves as an "attestation" showing that a software vendor has checked each component within an SBOM for vulnerabilities and reports the status to consumers within the VDR.
Vulnerability and Exploitability Transparency - VDR & VEX | OWASP Foundation
Vulnerability and Exploitability Transparency - VDR & VEX on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
Discussions
No discussions yet. Start a discussion below.
- Trip Report ISO New England Consumer Liaison Group Meeting Portsmouth NH
- The PJM Board of Managers has directed PJM to seek delay of the upcoming capacity market auctions
- CISA director urges top business leaders, board members to take cyber risk ownership
- Not ‘sick or dying or dead’: The great benefit of RTOs
Get Published - Build a Following
The Energy Central Power Industry Network® is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.
If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.
Your access to Member Features is limited.
Sign in to Participate