VEXinating Container Images: The European Approach to Software Supply Chain Security

Explore the European approach to securing container images in this 39-minute conference talk from the Cloud Native Computing Foundation (CNCF). Delve into the importance of Software Bill of Materials and vulnerability management in light of upcoming European legislation like the Cyber Resilience Act. Discover how the Common Security Advisory Framework (CSAF) is leading a standards-backed Vulnerability Exploitability eXchange (VEX) implementation to address modern demands for software supply chain security. Learn about machine-readable and human-comprehensible security advisories that enable automated assessment and remediation, crucial for managing the growing footprint of upstream dependencies in software products.

VEXinating Your Container Images: The European Way - Dina Truxius & Jose Antonio Carmona Fombella