Loading…
Attending this event?
Thursday November 7, 2024 10:30am - 10:55am PST
Cortez Frazier Jr., FOSSA, Principal Product Manager

If you work in vulnerability management or DevSecOps programs, you’re probably familiar with the painful condition known as CVE overload. Each year, tens of thousands of new vulnerabilities are reported, which causes stress and late nights for the teams tasked with remediating them.

And that’s not to mention the herculean tax of distinguishing between potential vulnerabilities and confirmed vulnerabilities. The reality that most vulnerabilities are only potentially exploitable (as determined by the deployed context of each package) also means remediation often results in a lot of wasted time and effort.

A proposed solution is VEX (Vulnerability Exploitability eXchange): a set of formats that communicates vulnerability impact status, whether a vulnerability is exploitable in its deployed context, and mitigation steps. In theory, VEX (when used alongside other prioritization inputs) makes it possible to remediate more efficiently. But as with most security frameworks, efficacy depends on proper implementation.

This talk will cover five steps to leveraging VEX throughout the vulnerability remediation lifecycle, from the time a vulnerability is disclosed to the time you publish and distribute a VEX statement. We’ll cover the tools and workflows teams need to know to effectively use VEX in their organizations.
Speakers
avatar for Cortez Frazier Jr.

Cortez Frazier Jr.

Principal Product Manager, FOSSA
Cortez Frazier Jr. is the product lead for FOSSA’s SaaS and on-premises enterprise applications. FOSSA is a developer tool (in the software composition analysis category) for managing open source license compliance and security vulnerabilities.Before joining FOSSA, Cortez served... Read More →
Thursday November 7, 2024 10:30am - 10:55am PST
CloudX -- Main Stage

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Share Modal

Share this link via

Or copy link