VEXing Open Source Security - Vulnerability Data for Everything

Explore the challenges and potential solutions in open source security vulnerability management in this 45-minute talk. Examine the limitations of current vulnerability assessment approaches and compare available enterprise options. Discover how the Vulnerability Exchange Format (VEX) data standard can address the proliferation of CVEs and reduce false positives. Learn about a proposed contextual analysis framework for open source software security and gain insights into creating a more efficient future for the industry. Question traditional methods, analyze alternatives, and uncover strategies to improve vulnerability data quality and risk management in your organization.

VEXing Open Source Security: Vulnerability Data for Everything - Andrew Martin & Andres Vega