Coursera Spring Sale
40% Off Coursera Plus Annual!
Grab it
Explore the comprehensive world of software vulnerability management in this 36-minute conference talk from DevConf.CZ 2025. Dive deep into vulnerability discovery as a crucial component of software supply chain security, examining how organizations identify which components in their software projects are affected by vulnerabilities, assess their exploitability, and determine the severity of potential exploits. Learn about different organizational approaches ranging from commercial software scanners to embedding Software Supply Chain Security (SSCS) practices early in development processes to prevent vulnerable project usage and release. Discover the behind-the-scenes mechanics of software vulnerability management, including data sources, exchange formats, and the intricate world of CVEs and VEXs (Vulnerability Exchange). Understand how initiatives like the OSV (Open Source Vulnerability) database contribute to maintaining security standards while navigating the challenges of operating in a multi-truth environment. Witness a live demonstration of project Trustify, which collects and analyzes vulnerability data to provide up-to-date vulnerability information for Software Bills of Materials (SBOMs), offering practical insights into modern vulnerability management workflows.
