diff --git a/notes/notes_from_blackhat_2022.md b/notes/notes_from_blackhat_2022.md index 765cc36..0f5143a 100644 --- a/notes/notes_from_blackhat_2022.md +++ b/notes/notes_from_blackhat_2022.md @@ -18,7 +18,8 @@ These two urls have all the goto: resources for deep-diving SBOM: - [cisa](https://www.cisa.gov/sbom) - [ntia](https://ntia.gov/SBOM) #### VEX -Vulnerability exploitability exchange. +[Vulnerability exploitability +exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf). This can be thought of as a machine-readable security advisory. There is alot of documentation about this one, and I need to learn about it further. #### Package-url (PURL) CPE has its limitations and [package-url](https://github.com/package-url/purl-spec) can be an open standard that can improve upon it, or a better way to probably think about it is a way to supplement/enhance on top of CPE. It was vetted by some of the people who wrote HTTP and its a url. A great introduction to it can be found [here](https://www.youtube.com/watch?v=qtl0xA1eVPM)
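Review bot: the new link text in the VEX hunk is broken across two `+` lines (`[Vulnerability exploitability` followed by `exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf)`); CommonMark accepts a soft line break inside link text, but not every renderer does, and a link split mid-text is hard to grep for later, so join the two lines into a single `[Vulnerability exploitability exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).` line. While this section is being touched, the unchanged context line `There is alot of documentation about this one` should read `a lot`.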