Learn how to effectively manage CVEs using VEX documents in this security conference talk from BSides London. Discover practical solutions for application security engineers facing overwhelming vulnerability management challenges, including dealing with increasing CVE volumes, scanner inaccuracies, and dependency requirements. Explore a proven workflow implemented at Cilium that leverages VEX documentation to automate CVE exclusions, distribute security triage responsibilities, and generate comprehensive vulnerability applicability documentation. Through real-world examples from Isovalent's security practices, gain insights into implementing VEX documents to streamline security workflows and focus efforts on addressing genuine vulnerabilities rather than getting bogged down in spreadsheet management.
VEXatious Vulnerabilities: CVE Management for the Overwhelmed Security Engineer
Security BSides London via YouTube
Overview
Syllabus
VEXatious Vulnerabilities: CVE Management For The Overwhelmed Security Engineer - Feroz Salam
Taught by
Security BSides London
Related Courses
-
Fundamentals of Vulnerability Management
-
From CVE Chaos to Control: Building a Zero CVE Strategy
-
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&blur=200&h=40&ixlib=php-4.1.0&px=16&s=39a7386e89fe41aff1e1aa4e9df07aa2)
CVE Context Matters - Prioritizing Vulnerabilities in Cloud-Native Projects
-
Open Source CVE Monitoring and Management - Cutting Through the Vulnerability Storm
-
How to Reduce CVE Noise with VEX - Vulnerability-Exploitability eXchange
-
Keeping Up with CVEs - Security Response Management Best Practices
![CNCF [Cloud Native Computing Foundation]](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Flogos%2Finstitutions%2Fcncf-cloud-native-computing-foundation-hz.png?auto=format&h=40&ixlib=php-4.1.0&s=41ac519a3d7def6c705637a8ae3c06c4){kind=small}
