Source: thenewstack.io
You’ll Soon Be Using Vulnerability Exploitability eXchange
With VEX, you can use SBOMs to help secure your code. The good thing about https://thenewstack.io/how-to-create-a-software-bill-of-materials/ pronounced SBOMB — is they show you a complete inventory of your application’s open source components.
You can do this by representing VEX data inside an existing SBOM, or within a dedicated VEX SBOM. Within VEX records, you’ll find the following elements: VEX metadata includes VEX Format Identifier, Identifier string for the VEX document, Author, Author role, and Timestamp.
With VEX, you’ll be able to spot the affected vulnerabilities while letting them ignore component vulnerabilities that aren’t exploitable.
You can do this by representing VEX data inside an existing SBOM, or within a dedicated VEX SBOM. Within VEX records, you’ll find the following elements: VEX metadata includes VEX Format Identifier, Identifier string for the VEX document, Author, Author role, and Timestamp.
With VEX, you’ll be able to spot the affected vulnerabilities while letting them ignore component vulnerabilities that aren’t exploitable.
Related Articles
Community Partners
DevOps Careers