VEXinating Your Container Images: The European Way - Dina Truxius, Federal Office for Information Security (BSI) & Jose Antonio Carmona Fombella, VMware



Security and securing software supply chains have become one of the top priorities in the industry. Upcoming European legislation such as the Cyber Resilience Act demands a Software Bill of Materials and transparency in vulnerability management in order to build resilience and secure the software supply chain. Products have a larger footprint of upstream dependencies than ever, many of them from Open Source Software. This exponential growth has irremediably caused traditional vulnerability-handling practices, such as static, human-targeted web sites, to become stale quickly. In answer to these modern demands, the Common Security Advisory Framework (CSAF) has been leading a standards-backed Vulnerability Exploitability eXchange (VEX) implementation that is both machine readable and human comprehensible, giving vendors a way to create security advisories that downstream users can also consume to obtain security information and to enable automated assessment and remediation.
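A minimal illustration of the automated assessment the abstract describes, added here as an example and not part of the talk or of any CSAF tooling: a constructed CSAF 2.0 VEX document covering two tags of a hypothetical container image, and a small Python consumer that resolves a scanner's (image, CVE) finding to the VEX product_status, its justification flag and any remediation. The image name, product IDs and CVE numbers are placeholders, not real identifiers.

```python
# Constructed minimal CSAF 2.0 VEX document (assumption: not from the talk);
# image name, product IDs and CVE numbers are placeholders.
CSAF_VEX = {
    "document": {"category": "csaf_vex", "csaf_version": "2.0",
                 "title": "VEX for example.org/app (constructed example)"},
    "product_tree": {"full_product_names": [
        {"product_id": "CSAFPID-0001", "name": "example.org/app:1.4.2 (amd64)"},
        {"product_id": "CSAFPID-0002", "name": "example.org/app:1.4.1 (amd64)"}]},
    "vulnerabilities": [
        {"cve": "CVE-0000-00001",
         "product_status": {"known_not_affected": ["CSAFPID-0001"],
                            "known_affected": ["CSAFPID-0002"]},
         # CSAF flag label stating why tag 1.4.2 is not affected
         "flags": [{"label": "vulnerable_code_not_in_execute_path",
                    "product_ids": ["CSAFPID-0001"]}],
         "remediations": [{"category": "vendor_fix", "details": "Upgrade to 1.4.2",
                           "product_ids": ["CSAFPID-0002"]}]},
        {"cve": "CVE-0000-00002",
         "product_status": {"under_investigation": ["CSAFPID-0001", "CSAFPID-0002"]}}],
}
# The four product_status keys a VEX consumer acts on, in CSAF 2.0 naming
STATUS_KEYS = ("known_affected", "known_not_affected", "fixed", "under_investigation")

def product_id_for(doc, image_ref):
    """Resolve an image reference (as a scanner reports it) to a CSAF product_id."""
    for fpn in doc["product_tree"].get("full_product_names", []):
        if fpn["name"].split(" ")[0] == image_ref:
            return fpn["product_id"]
    return None

def assess(doc, image_ref, cve):
    """Return (status, justification, remediation) for one CVE on one image.
    Anything the document does not state resolves to 'unknown', so a scanner
    finding is only suppressed by an explicit known_not_affected/fixed entry."""
    pid = product_id_for(doc, image_ref)
    for vuln in doc["vulnerabilities"]:
        if vuln.get("cve") != cve:
            continue
        status = next((k for k in STATUS_KEYS
                       if pid in vuln.get("product_status", {}).get(k, [])), "unknown")
        justification = next((f["label"] for f in vuln.get("flags", [])
                              if pid in f.get("product_ids", [])), None)
        remediation = next((r["details"] for r in vuln.get("remediations", [])
                            if pid in r.get("product_ids", [])), None)
        return status, justification, remediation
    return "unknown", None, None

if __name__ == "__main__":
    print(assess(CSAF_VEX, "example.org/app:1.4.2", "CVE-0000-00001"))
```

A real consumer would additionally verify the advisory's signature and check its `document.tracking` version before trusting a `known_not_affected` statement to suppress a scanner finding.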
