added a link to vex summary
parent
4aa8d376b0
commit
2a01cfc859
1 changed files with 2 additions and 1 deletions
|
@ -18,7 +18,8 @@ These two urls have all the goto: resources for deep-diving SBOM:
|
||||||
- [cisa](https://www.cisa.gov/sbom)
|
- [cisa](https://www.cisa.gov/sbom)
|
||||||
- [ntia](https://ntia.gov/SBOM)
|
- [ntia](https://ntia.gov/SBOM)
|
||||||
#### VEX
|
#### VEX
|
||||||
Vulnerability exploitability exchange.
|
[Vulnerability exploitability
|
||||||
|
exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).
|
||||||
This can be thought of as a machine-readable security advisory. There is alot of documentation about this one, and I need to learn about it further.
|
This can be thought of as a machine-readable security advisory. There is alot of documentation about this one, and I need to learn about it further.
|
||||||
#### Package-url (PURL)
|
#### Package-url (PURL)
|
||||||
CPE has its limitations and [package-url](https://github.com/package-url/purl-spec) can be an open standard that can improve upon it, or a better way to probably think about it is a way to supplement/enhance on top of CPE. It was vetted by some of the people who wrote HTTP and its a url. A great introduction to it can be found [here](https://www.youtube.com/watch?v=qtl0xA1eVPM)
|
CPE has its limitations and [package-url](https://github.com/package-url/purl-spec) can be an open standard that can improve upon it, or a better way to probably think about it is a way to supplement/enhance on top of CPE. It was vetted by some of the people who wrote HTTP and its a url. A great introduction to it can be found [here](https://www.youtube.com/watch?v=qtl0xA1eVPM)
|
||||||
|
|
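Review bot: The new link under `#### VEX` splits its link text across two added lines (`[Vulnerability exploitability` then `exchange](https://www.ntia.gov/files/ntia/publications/vex_one-page_summary.pdf).`), which makes the source harder to read and to grep. Keep the link text on one line, or use a reference-style link with the URL defined at the bottom of the section. The target is a PDF deep link, so consider saying so in the link text (for example "VEX one-page summary (PDF)") so readers know what they are opening. While touching this paragraph, the unchanged context line below still has "alot", which could be fixed to "a lot" in the same commit.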