VEX! or… How to Reduce CVE Noise With One Simple Trick! - Frederick Kautz

less than 1 minute read

Abstract

CVEs are one of the most valuable tools for determining risk, but they have significant usability issues. Just because you are “vulnerable” to a CVE does not mean you are “affected” by the vulnerability. Small development teams can usually mitigate the risk by having a team member analyze the impact. However, this noise can overwhelm you if you’re running a large-scale vulnerability management program with diverse vendors. The lack of context in a CVE directly impacts your capability to rank vulnerabilities and respond to them efficiently. Enter VEX, the Vulnerability-Exploitability eXchange. In this talk, we will cover what VEX is. We will cover how it integrates with SBOMs, and how it can become a critical capability of your Zero Trust infrastructure. If you’re a consumer, you can use it to help determine the risk of a vulnerability and how to mitigate the vulnerability with computer-assisted tooling. If you’re a vendor, you can use it to communicate actionable information to customers effectively.Click here to view captioning/translation in the MeetingPlay platform!

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

VEX! or… How to Reduce CVE Noise With One Simple Trick! - Frederick Kautz

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google