VEXinating Your Container Images: The European Way - Dina Truxius, Federal Office for Information Security (BSI) & Jose Antonio Carmona Fombella, VMware

less than 1 minute read

Abstract

Security and securing Software Supply Chains have become one of the top-priorities in the industry. Upcoming European legislation like Cyber Resilience Act demands for Software Bill of Materials and transparency on vulnerability management in order to facilitate resilience and secure the software supply chain. Products have a larger than ever footprint of upstream dependencies, many from Open Source Software. This exponential growth has irremediably led traditional practices for vulnerability-handling, like static human-targeted web sites, to rapidly become stale. As an answer to these modern demands, Common Security Advisory Framework (CSAF) has been leading a standards-backed Vulnerability Exploitability eXchange (VEX) implementation that is both machine readable and human comprehensible and that provides vendors a way to creating security advisories that can also be used by downstream users to consume security information and to enable automated assessment and remediation.

Sched URL

Video

Twitter Facebook LinkedIn

About

Conferences

VEXinating Your Container Images: The European Way - Dina Truxius, Federal Office for Information Security (BSI) & Jose Antonio Carmona Fombella, VMware

Abstract

Video

You May Also Enjoy

You Shall Not Pass! Unless You Are GUAC Verified…. - Parth Patel, Kusari & Dejan Bosanac, Red Hat

Living off the Land Techniques in Managed Kubernetes Clusters - Ronen Shustin & Shay Berkovich, Wiz

Leveraging OCI 1.1 for Enhanced SBOM Integration and Vulnerability Scanning in Harbor - Anais Urlichs, Aqua Security & Shengwen Yu, VMware

Lessons Learned from Generating 100M SBOMs: Google’s Approach to SBOM Compliance - Brandon Lum & Isaac Hepworth, Google