Overview
Explore the critical world of software vulnerability management in this 21-minute conference talk that demystifies the complex landscape of security threats in software supply chains. Dive deep into the mechanisms behind vulnerability discovery, examining where vulnerability data originates and the various formats used for data exchange across the industry. Learn about the essential role of CVEs (Common Vulnerabilities and Exposures) and VEXs (Vulnerability Exchange) in the security ecosystem, while discovering how initiatives like the OSV (Open Source Vulnerability) database contribute to maintaining software safety. Understand the different organizational approaches to vulnerability management, from commercial software scanners to embedding Software Supply Chain Security (SSCS) practices early in development processes to prevent the use and release of vulnerable projects. Navigate the challenges of operating in a multi-truth environment where conflicting vulnerability information exists across different sources. Gain insights into determining which components in software projects are affected by specific vulnerabilities, assessing their exploitability, and understanding the severity of potential exploits. Witness a practical demonstration of project Trustify, an open-source tool that collects and analyzes vulnerability data to provide current vulnerability information for Software Bills of Materials (SBOMs), showcasing real-world applications of vulnerability management principles.
Syllabus
All You Wanted to Know About Software Vulnerabilities … But Were Too Busy to Look I... Dejan Bosanac
Taught by
OpenSSF