Keynote: We’re VEXing the Cloud Native Landscape. Bring Your Code! - Adolfo García Veytia, Stacklok

  • Added 11. 07. 2024
  • Don't miss out! Join us at our next Flagship Conference: KubeCon + CloudNativeCon North America in Salt Lake City from November 12 - 15, 2024. Connect with our current graduated, incubating, and sandbox projects as the community gathers to further the education and advancement of cloud native computing. Learn more at kubecon.io
    Keynote: We’re VEXing the Cloud Native Landscape. Bring Your Code! - Adolfo García Veytia, Staff Software Engineer, Stacklok
    Notorious events such as the xz backdoor often lead to a surge in user inquiries, with the same questions asked over and over. What's more, when a vulnerability doesn't affect your software, scanners may still generate false positives. It's a recurring challenge for any application security team. Enter VEX, the Vulnerability Exploitability eXchange, a format complementary to SBOM that allows developers to communicate the impact of vulnerabilities on their software. VEX also provides insight into triage status and enables automation to address false positives in security scanners. In this presentation, we'll delve into how the Kubernetes RelEng Team, in collaboration with TAG Security, bootstrapped OpenVEX feeds throughout the CNCF ecosystem. Using these initiatives as a roadmap, we'll show how to build a new feed with little effort, showcase the automation of VEX data, and illustrate through hands-on demos how consumers and security tools can leverage it effectively.
  • Science & Technology
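As an added example (not code from the talk or from the OpenVEX project), the kind of automation the abstract describes: a scanner's findings filtered through an OpenVEX document, where a `not_affected` statement that lacks the justification or impact statement the spec requires is left unsuppressed rather than trusted. The document contents, package URLs and CVE ids are constructed placeholders.

```python
"""Apply an OpenVEX document to scanner findings.  Added example; the VEX
document, purls and CVE ids below are constructed placeholders."""
import json

# Constructed OpenVEX document; field names follow the OpenVEX v0.2.0 schema.
VEX_DOC = json.loads("""{
  "@context": "https://openvex.dev/ns/v0.2.0",
  "@id": "https://example.com/vex/example-1",
  "author": "Example Project Security Team",
  "timestamp": "2024-07-01T00:00:00Z",
  "version": 1,
  "statements": [
    {"vulnerability": {"name": "CVE-0000-0001"},
     "products": [{"@id": "pkg:golang/example.com/app@v1.2.0"}],
     "status": "not_affected",
     "justification": "vulnerable_code_not_in_execute_path"},
    {"vulnerability": {"name": "CVE-0000-0002", "aliases": ["GHSA-xxxx-0002"]},
     "products": [{"@id": "pkg:golang/example.com/app@v1.2.0"}],
     "status": "fixed"},
    {"vulnerability": {"name": "CVE-0000-0003"},
     "products": [{"@id": "pkg:golang/example.com/app@v1.2.0"}],
     "status": "not_affected"}
  ]
}""")

# Constructed scanner output as (vulnerability id, product purl) pairs.
FINDINGS = [
    ("CVE-0000-0001", "pkg:golang/example.com/app@v1.2.0"),
    ("GHSA-xxxx-0002", "pkg:golang/example.com/app@v1.2.0"),
    ("CVE-0000-0003", "pkg:golang/example.com/app@v1.2.0"),
    ("CVE-0000-0001", "pkg:golang/example.com/other@v0.1.0"),
    ("CVE-0000-0004", "pkg:golang/example.com/app@v1.2.0"),
]

def index_statements(doc):
    """Map (vuln id or alias, product purl) -> statement; later statements win."""
    idx = {}
    for st in doc["statements"]:
        names = [st["vulnerability"]["name"]] + st["vulnerability"].get("aliases", [])
        for name in names:
            for prod in st["products"]:
                idx[(name, prod["@id"])] = st
    return idx

def suppresses(st):
    """Only 'fixed' or a properly justified 'not_affected' silences a finding."""
    if st["status"] == "fixed":
        return True
    if st["status"] == "not_affected":
        return bool(st.get("justification") or st.get("impact_statement"))
    return False  # affected / under_investigation stay visible

def apply_vex(findings, doc):
    """Return (remaining findings, suppressed findings with their VEX status)."""
    idx = index_statements(doc)
    keep, suppressed = [], []
    for vuln, purl in findings:
        st = idx.get((vuln, purl))
        if st is not None and suppresses(st):
            suppressed.append((vuln, purl, st["status"]))
        else:
            keep.append((vuln, purl))
    return keep, suppressed
```

Note that the unjustified `not_affected` statement and the finding against a product the document never mentions both survive the filter, which is the behaviour a consumer should want.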

Comments •