Irish Information Security Forum

When to Issue VEX Information

Source: CISA
Release Date: November 06, 2023

Today, CISA published "When to Issue Vulnerability Exploitability eXchange (VEX) Information", developed by a community of industry and government experts with the goal to offer some guidance and structure for the software security world, including the large and growing global SBOM community.

This guide explains the circumstances and events that could lead an entity to issue VEX information and describes the entities that create or consume VEX information. Whether, and when, to issue VEX information is a business decision for most suppliers and possibly a more individual decision for independent open source developers. This document identifies factors that influence the decision.

Download

(PDF, 229.76 KB )

If you are interested in finding out more about the IISF, or would like to attend one of our Chapter Meetings as an invited guest, please contact the
IISF Secretary:

By email:
secretary@iisf.ie

By post:

David Cahill

Information Security

GPO, 1-117
D01 F5P2

Enhance your Cybersecurity knowledge and learn from those at the coalface of information Security in Ireland

FORUM SPONSORS

We would like to thank these generous sponsors for their support.

Sponsors are featured prominently throughout the IISF.IE website, social media channels as well as enjoying other benefits Read more

More News

Phishing: Stopping the Attack Cycle at Phase One
Outlining phishing techniques malicious actors commonly use and providing guidance for both network defenders and software manufacturers.

Meta banned from Processing Personal Data
Irish DPA to Ban Meta from Processing Personal Data for Behavioural Advertising Following EDPB Urgent Binding Decision

IISF Members / Sponsors

secured by edgescan digital security radar logo