added a link to vex summary

Brendan McDevitt 2022-08-17 22:10:39 -05:00
parent 4aa8d376b0
commit 2a01cfc859


@ -18,7 +18,8 @@ These two urls have all the goto: resources for deep-diving SBOM:
- [cisa](https://www.cisa.gov/sbom)
- [ntia](https://ntia.gov/SBOM)
#### VEX
Vulnerability exploitability exchange.
[Vulnerability exploitability
exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).
This can be thought of as a machine-readable security advisory. There is alot of documentation about this one, and I need to learn about it further.
#### Package-url (PURL)
CPE has its limitations and [package-url](https://github.com/package-url/purl-spec) can be an open standard that can improve upon it, or a better way to probably think about it is a way to supplement/enhance on top of CPE. It was vetted by some of the people who wrote HTTP and its a url. A great introduction to it can be found [here](https://www.youtube.com/watch?v=qtl0xA1eVPM)
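Review bot: the new link line under `#### VEX` duplicates the sentence directly above it, so the rendered section reads "Vulnerability exploitability exchange." followed immediately by a link whose text is the same phrase again; folding the link into the existing sentence would read cleaner, e.g. `[Vulnerability exploitability exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).` as the single line, dropping the plain-text copy. The link also appears split across two lines in the hunk; Markdown will still render link text that wraps, but if that is a hard line break in the file rather than display wrapping, keeping the link on one line avoids confusion. Nit, in the unchanged context line below the link: "alot" should be "a lot".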