Understanding Exploitability with VEX, EPSS, and Other Standard Frameworks

Explore the complexities of software security in this 32-minute conference talk from the Cloud Native Computing Foundation (CNCF). Gain a high-level overview of four essential concepts in software security: Vulnerability Exposure Factor (VEX), Exploit Probability and Severity Score (EPSS), Common Vulnerability Scoring System (CVSS), and Software Bill of Materials (SBOMs). Learn how to assess the reachability and exploitability of vulnerabilities within software applications as systems grow increasingly complex. Discover strategies for generating and managing SBOMs for compliance purposes, and explore methods for automating policy and GitOps practices to enhance security posture. Delve into the importance of understanding these frameworks to ensure robust security measures in modern software development and deployment.

Understanding Exploitability with VEX, EPSS, and Other Standard Frameworks - Ayse Kaya, Root