home.social

#openvex — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #openvex, aggregated by home.social.

  1. 🌟 OpenSSF Project Spotlight: #OpenVEX

    Adolfo Veytia walks us through how OpenVEX helps developers clearly communicate which vulnerabilities actually impact their software - and which don’t.

    youtu.be/dGOiWFNKKpM?si=SJIpCx

  2. I'm about to present how to generate #OpenVEX data from #SBOM the hard and the easy way at #OSSummit. There will be fast cars, car crashes and lots of bad stock photos!

    Come and have fun with me and @wolfi at 3:55 pm, room 0C.

  3. SBOM alone may not encode enough detail to separate non-exploitable vulnerabilities from exploitable ones writes Surendra Pathak in our latest guest blog on #VDR, #VEX, #OpenVEX and #CSAF openssf.org/blog/2023/09/07/vd

  4. At the heart of the CVE process and the matching done with the NVD database is the name of the manufacturer and the artefact - the software, system, library or mobile application. It's vital for this to work that the name in the #SBOM is correct to make the match work. The community has developed #PURL - package URL - to improve but so far the CVE/NVD eco system has not adopted PURL.

    This needs to be fixed to make sure that the name in the SBOM matches the right set of vulnerabilities.

    #SBOM #securesupplychain #CycloneDX #OpenVEX #VEX #OpenSource